← Back to CVE List

CVE-2023-25574

Published: 2025-02-25T15:15Z
Last Modified: 2025-02-25T15:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
`jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only users that has configured a JupyterHub installation to use the authenticator class `LTI13Authenticator` are affected. `jupyterhub-ltiauthenticator` version 1.4.0 removes LTI13Authenticator to address the issue. No known workarounds are available. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt