jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class LTI13Authenticator are affected. jupyterhub-ltiauthenticator version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are…Read More
CVE-2023-25574
