
Fritterhoff

#17765 of 53,622
15.1 Total CVSS
Vulnerabilities · 2
High: 2
PT-2021-23211
7.5
2021-11-04
Unknown · Jupyterhub · CVE-2021-41247
**Name of the Vulnerable Software and Affected Versions**
JupyterHub versions prior to 1.5

**Description**
The issue affects users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session. When logging out, fresh credentials for the single-user server are reinstated if another active JupyterLab session is open, resulting in incomplete logout.

**Recommendations**
For versions prior to 1.5, upgrade to JupyterHub 1.5. For distributed deployments, patch jupyterhub in the user environment. As a temporary workaround, ensure that only one JupyterLab tab is open when logging out.
PT-2021-3507
7.6
2021-05-12
Red Hat · Keycloak · CVE-2021-3632
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)

**Description**
The issue is related to weaknesses in the WebAuthn authentication mechanism. It allows an attacker to register a new security device or key for any user without a previously registered device, using the WebAuthn password-less login flow. This could enable a remote attacker to gain unauthorized access to protected information.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.