38 vulnerabilities by nautobot
CVE-2026-44798 (GCVE-0-2026-44798)
Vulnerability from nvd – Published: 2026-05-28 16:57 – Updated: 2026-05-28 19:02
Title
Nautobot: GitRepository.current_head field should not be writable through REST API
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
- CWE-749 - Exposed Dangerous Method or Function
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/9dedd… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/c46f9… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: >= 3.0.0a2, < 3.1.2; < 2.4.33 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:01:54.215823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:02:15.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot\u0027s local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471: Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T16:57:45.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609"
},
{
"name": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-p3hx-pwf3-j8wr",
"discovery": "UNKNOWN"
},
"title": "Nautobot: GitRepository.current_head field should not be writable through REST API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44798",
"datePublished": "2026-05-28T16:57:45.734Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-28T19:02:15.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
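Added example, not code from the page or from the Nautobot project, showing the bug class behind CVE-2026-44798 in miniature: a write path that assigns every key the client sends lets a server-managed field such as current_head be overwritten, whereas an allow-list of writable fields confines the client to what it may edit and leaves the repository sync code as the only writer. The record's other fields, the field names, and the check that a head must look like a 40-hex-digit commit hash are assumptions for this example.

```python
import re
from dataclasses import dataclass

# Hypothetical stand-in for a GitRepository record. Only current_head is taken
# from the advisory; the other fields are assumptions for this example.
@dataclass
class GitRepository:
    name: str
    remote_url: str
    branch: str = "main"
    current_head: str = ""   # server-managed: set only after a successful sync

WRITABLE_FIELDS = {"name", "remote_url", "branch"}
COMMIT_HASH_RE = re.compile(r"^[0-9a-f]{40}$")

def update_vulnerable(repo, payload):
    """Assigns whatever the client sent, as long as the attribute exists (the unsafe pattern)."""
    for key, value in payload.items():
        if hasattr(repo, key):
            setattr(repo, key, value)
    return repo

def update_hardened(repo, payload):
    """Applies only allow-listed fields and rejects the request if it names anything else."""
    unknown = set(payload) - WRITABLE_FIELDS
    if unknown:
        raise PermissionError(f"read-only or unknown field(s): {sorted(unknown)}")
    for key in WRITABLE_FIELDS & set(payload):
        setattr(repo, key, payload[key])
    return repo

def record_sync_result(repo, head):
    """The one code path allowed to set current_head; validates the hash shape first."""
    if not COMMIT_HASH_RE.match(head):
        raise ValueError(f"malformed commit hash: {head!r}")
    repo.current_head = head
    return repo
```

Rejecting the request is the stricter choice; silently dropping the field, as a serializer's read-only declaration does, also works. What matters is that a client-supplied current_head never reaches the model, and that the value written by the sync path is validated so a malformed head cannot leave the local clone unusable.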
CVE-2026-44797 (GCVE-0-2026-44797)
Vulnerability from nvd – Published: 2026-05-28 16:59 – Updated: 2026-05-29 15:29
Title
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/16aa4… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/7324c… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: >= 3.0.0a2, < 3.1.2; < 2.4.33 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:29:49.861579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:29:56.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot\u0027s Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T16:59:06.143Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26"
},
{
"name": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-c35q-vxrp-ph26",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44797",
"datePublished": "2026-05-28T16:59:06.143Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-29T15:29:56.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
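Added example, not code from the page or from the Nautobot project, of the destination check a server-side fetch of a user-configured URL needs in order to avoid the SSRF behaviour described for CVE-2026-44797. It restricts the scheme, refuses credentials in the URL, resolves the host, and fails closed if any resolved address is not globally routable (loopback, RFC 1918, link-local such as 169.254.169.254, multicast, or an IPv4-mapped IPv6 form of those). The DNS table is constructed so the example runs offline; the host names and addresses in it are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table (not real infrastructure) so the example runs offline.
# A deployment would resolve with socket.getaddrinfo instead.
FAKE_DNS = {
    "hooks.example.com": ["93.184.216.34"],
    "internal.example.com": ["10.0.0.5"],
    "localhost": ["127.0.0.1", "::1"],
    "metadata.example.internal": ["169.254.169.254"],
}

ALLOWED_SCHEMES = {"http", "https"}

def is_public_address(ip_text):
    """True only for globally routable unicast addresses; IPv4-mapped IPv6 is unwrapped first."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return bool(ip.is_global and not ip.is_multicast)

def resolve(host, dns=FAKE_DNS):
    """IP literals resolve to themselves; names are looked up in the (constructed) table."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return dns.get(host.lower(), [])

def validate_webhook_url(url, dns=FAKE_DNS):
    """Returns (ok, reason). Fails closed: one non-public resolved address rejects the URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname           # brackets around IPv6 literals are already stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    addrs = resolve(host, dns)
    if not addrs:
        return False, f"could not resolve {host!r}"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"
```

Two caveats a practitioner should carry over. Checking at save time is not enough: the name can be re-pointed at an internal address later (DNS rebinding), so repeat the check at delivery time or connect to the address that was validated and set the Host header yourself. And an HTTP client that follows redirects will happily follow a public host's 302 to an internal address, so disable redirects or validate each hop. Where the set of legitimate receivers is known, an explicit allow-list of destinations is the stronger control.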
CVE-2026-44796 (GCVE-0-2026-44796)
Vulnerability from nvd – Published: 2026-05-28 17:00 – Updated: 2026-05-30 02:01
Title
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/5a30d… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/c2b76… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: >= 3.0.0a2, < 3.1.2; < 2.4.33 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T02:01:49.952039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T02:01:59.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:00:06.533Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm"
},
{
"name": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd"
},
{
"name": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-qrpw-gjvh-x5gm",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44796",
"datePublished": "2026-05-28T17:00:06.533Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-30T02:01:59.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
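Added example, not code from the page or from the Nautobot project, of a screen for user-supplied regular expressions of the kind CVE-2026-44796 describes (a find pattern applied with use_regex across many objects). It computes the pattern's star height, the nesting depth of unbounded repetition; patterns like `(a+)+` or `^(\w+\s?)*$` have height 2 and are the classic catastrophic-backtracking shape under Python's backtracking `re` engine. The length limit and the height threshold are choices for this example.

```python
import re

MAX_PATTERN_LENGTH = 256

def star_height(pattern):
    """Nesting depth of unbounded repetition: 0 for 'eth0', 1 for 'a+', 2 for '(a+)+'."""
    # One frame per open group: [max height seen inside, height of the most recent atom]
    stack = [[0, 0]]
    i, n = 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":                              # escaped character: an atom of height 0
            stack[-1][1] = 0
            i += 2
        elif c == "[":                             # character class: a single atom of height 0
            j = i + 1
            if j < n and pattern[j] == "^":
                j += 1
            if j < n and pattern[j] == "]":        # a leading ']' is literal
                j += 1
            while j < n and pattern[j] != "]":
                j += 2 if pattern[j] == "\\" else 1
            stack[-1][1] = 0
            i = j + 1
        elif c == "(":
            stack.append([0, 0])
            i += 1
            if i < n and pattern[i] == "?":        # skip (?: (?= (?! (?<= (?<! (?P<name> (?i: prefixes
                i += 1
                while i < n and pattern[i] not in ":=!>)":
                    i += 1
                if i < n and pattern[i] != ")":
                    i += 1
        elif c == ")" and len(stack) > 1:
            inner = stack.pop()[0]
            stack[-1][0] = max(stack[-1][0], inner)
            stack[-1][1] = inner                   # the whole group is now the last atom
            i += 1
        elif c in "*+":                            # unbounded repetition of the last atom
            h = stack[-1][1] + 1
            stack[-1][0] = max(stack[-1][0], h)
            stack[-1][1] = h
            i += 1
        elif c == "{" and pattern.find("}", i) != -1:
            close = pattern.find("}", i)
            if "," in pattern[i:close]:            # {n,} or {n,m}: counted like '+' (conservative)
                h = stack[-1][1] + 1
                stack[-1][0] = max(stack[-1][0], h)
                stack[-1][1] = h
            i = close + 1                          # {n} is bounded and adds no height
        elif c == "?":                             # optional / lazy modifier: bounded, no change
            i += 1
        else:                                      # ordinary character, anchor, '.', '|', ...
            stack[-1][1] = 0
            i += 1
    return stack[0][0]

def is_safe_user_regex(pattern, max_height=1, max_length=MAX_PATTERN_LENGTH):
    """Screen a user-supplied pattern before compiling and applying it to many objects."""
    if len(pattern) > max_length:
        return False, "pattern too long"
    try:
        re.compile(pattern)
    except re.error as exc:
        return False, f"invalid regex: {exc}"
    height = star_height(pattern)
    if height > max_height:
        return False, f"nested unbounded repetition (star height {height})"
    return True, "ok"
```

Star height is a screen, not a proof: `(a|aa)+` has height 1 and is still super-linear because the alternatives overlap. Pair the screen with a bound on the number and length of strings a single request may match against, and prefer a linear-time engine such as RE2 where the dependency is acceptable. A bulk action that runs in the web worker, as the summary describes, also takes the whole worker with it, which is why the record rates availability impact high.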
CVE-2026-44794 (GCVE-0-2026-44794)
Vulnerability from nvd – Published: 2026-05-28 17:01 – Updated: 2026-05-30 02:02
Title
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API failed to enforce user "view" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/36cde… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/9918b… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: >= 3.0.0a2, < 3.1.2; < 2.4.33 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T02:02:38.997080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T02:02:47.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different \"content types\" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot\u0027s REST API failed to enforce user \"view\" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:01:21.400Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x"
},
{
"name": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-wpxj-44w3-2j6x",
"discovery": "UNKNOWN"
},
"title": "Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44794",
"datePublished": "2026-05-28T17:01:21.400Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-30T02:02:47.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
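Added example, not code from the page or from the Nautobot project, of the authorization boundary CVE-2026-44794 is about. A generic reference arrives as a (content type, primary key) pair; validating it against every row in the target table only proves existence, while validating it against the rows the requesting user is permitted to view enforces the same rule the rest of the API applies. The object store, the content-type names and the grant model are constructed for this example; in a Django application the equivalent is a queryset restricted by the user's object permissions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obj:
    content_type: str   # e.g. "dcim.device": which table the reference points into
    pk: str
    name: str

# Constructed object store standing in for several database tables.
STORE = {
    ("dcim.device", "d1"): Obj("dcim.device", "d1", "core-sw-01"),
    ("dcim.device", "d2"): Obj("dcim.device", "d2", "lab-fw-01"),
    ("ipam.ipaddress", "i1"): Obj("ipam.ipaddress", "i1", "10.0.0.1/32"),
}

@dataclass
class User:
    name: str
    # object-level "view" grants: content type -> set of pks, or "*" for every row of that type
    view_grants: dict

def visible_objects(user, content_type):
    """The rows of `content_type` this user may view (the restricted queryset)."""
    allowed = user.view_grants.get(content_type)
    rows = [obj for (ct, _), obj in STORE.items() if ct == content_type]
    if allowed is None:
        return []
    if allowed == "*":
        return rows
    return [obj for obj in rows if obj.pk in allowed]

def resolve_reference_vulnerable(user, content_type, pk):
    """Checks existence only: any real object can be referenced, visible or not."""
    obj = STORE.get((content_type, pk))
    if obj is None:
        raise LookupError("object does not exist")
    return obj

def resolve_reference_hardened(user, content_type, pk):
    """Resolves within the user's visible rows; forbidden and nonexistent look the same."""
    for obj in visible_objects(user, content_type):
        if obj.pk == pk:
            return obj
    raise LookupError("object does not exist or is not visible")
```

The hardened version deliberately returns one error for both "not found" and "not visible", so the reference-validation path cannot be used to confirm which primary keys exist in a table the caller may not read.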
CVE-2026-34203 (GCVE-0-2026-34203)
Vulnerability from nvd – Published: 2026-03-31 19:27 – Updated: 2026-03-31 20:30
Title
Nautobot: Management of users via REST API does not apply configured password validators
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10.
Severity
2.7 (Low)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/8778 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/8779 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/589f7… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/d1ef3… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: < 2.4.30; >= 3.0.0, < 3.0.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T20:29:54.867462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T20:30:00.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.30"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django\u0027s AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot\u0027s nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:27:29.903Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873"
},
{
"name": "https://github.com/nautobot/nautobot/pull/8778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/8778"
},
{
"name": "https://github.com/nautobot/nautobot/pull/8779",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/8779"
},
{
"name": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598"
},
{
"name": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9"
}
],
"source": {
"advisory": "GHSA-xmpv-j7p2-j873",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Management of users via REST API does not apply configured password validators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34203",
"datePublished": "2026-03-31T19:27:29.903Z",
"dateReserved": "2026-03-26T15:57:52.323Z",
"dateUpdated": "2026-03-31T20:30:00.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
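Added example, not from the page or from the Nautobot project, of the setting the summary for CVE-2026-34203 refers to: Django's AUTH_PASSWORD_VALIDATORS as configured in nautobot_config.py. Django's default is an empty list, which enforces no rules at all; the hardened setting below enables Django's four built-in validators (the class paths are Django's real ones; the minimum length and the attribute list are this example's choices).

```python
# nautobot_config.py (excerpt)

# Django's default, and therefore the weak setting: no password rules are applied.
# AUTH_PASSWORD_VALIDATORS = []

# Hardened setting. Values in OPTIONS are choices for this example, not project defaults.
AUTH_PASSWORD_VALIDATORS = [
    {
        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
        "OPTIONS": {"user_attributes": ("username", "first_name", "last_name", "email")},
    },
    {
        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
        "OPTIONS": {"min_length": 14},
    },
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]
```

On its own this setting is not a fix: before 2.4.30 and 3.0.10 the REST API user create/edit path did not apply the configured validators at all, so a high-privilege API caller could still set a password the UI would have refused. Upgrade first, then confirm by creating a test user through the REST API with a password that violates the configured rules and checking that the request is rejected.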
CVE-2025-62607 (GCVE-0-2025-62607)
Vulnerability from nvd – Published: 2025-10-22 15:40 – Updated: 2025-10-22 16:05
Title
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Summary
Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access the ServiceNow configuration page to view the ServiceNow public instance name, e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the ServiceNow username/password. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is no way to gain access to other Nautobot pages through the unauthenticated Configuration page. This issue has been patched in version 3.10.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot-app-ssot/sec… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot-app-ssot/com… | x_refsource_MISC |
| https://github.com/nautobot/nautobot-app-ssot/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot-app-ssot | Affected: < 3.10.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T16:05:41.837662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:05:50.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot-app-ssot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page. This issue has been patched in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:40:46.355Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v"
},
{
"name": "https://github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8"
},
{
"name": "https://github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0"
}
],
"source": {
"advisory": "GHSA-535g-62r7-cx6v",
"discovery": "UNKNOWN"
},
"title": "Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62607",
"datePublished": "2025-10-22T15:40:46.355Z",
"dateReserved": "2025-10-16T19:24:37.268Z",
"dateUpdated": "2025-10-22T16:05:50.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49143 (GCVE-0-2025-49143)
Vulnerability from nvd – Published: 2025-06-10 15:43 – Updated: 2025-06-10 18:12
Title
Nautobot may allow uploaded media files to be accessible without authentication
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/6672 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/6703 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/9c892… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/d99a5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| nautobot | nautobot | Affected: < 1.6.32; >= 2.0.0, < 2.4.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:58:15.965698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T18:12:01.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot\u0027s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:43:59.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh"
},
{
"name": "https://github.com/nautobot/nautobot/pull/6672",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/6672"
},
{
"name": "https://github.com/nautobot/nautobot/pull/6703",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/6703"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340"
},
{
"name": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95"
}
],
"source": {
"advisory": "GHSA-rh67-4c8j-hjjh",
"discovery": "UNKNOWN"
},
"title": "Nautobot may allows uploaded media files to be accessible without authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49143",
"datePublished": "2025-06-10T15:43:59.225Z",
"dateReserved": "2025-06-02T10:39:41.634Z",
"dateUpdated": "2025-06-10T18:12:01.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49142 (GCVE-0-2025-49142)
Vulnerability from nvd – Published: 2025-06-10 15:40 – Updated: 2025-06-10 17:10
Title
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
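Added example, not Nautobot's fix: the two checks a template sandbox must make before letting a computed field or custom link reach into the context. They are the rules Jinja2's `SandboxedEnvironment` applies (no underscore-prefixed attributes; no callable marked `unsafe_callable` or, per the Django convention the advisory links, `alters_data`), re-implemented here in the standard library over a tiny dotted-expression resolver so the block runs without Jinja2. The `Secret` and `Device` classes, the `unsafe_callable` marker on `get_value()` and the sample values are constructed; in production use `jinja2.sandbox.SandboxedEnvironment` itself rather than this resolver.

```python
"""What a template sandbox must refuse (added example, not Nautobot's fix)."""
from __future__ import annotations


class TemplateSecurityError(Exception):
    """Raised when a template expression touches something it must not."""


# --- Constructed stand-ins for objects a template context exposes -----------

class Secret:
    """Models a Nautobot Secret: the name is harmless, the value is not."""

    def __init__(self, name: str, value: str) -> None:
        self.name = name
        self._value = value

    def get_value(self) -> str:
        return self._value

    # Assumed marker: the owner declares the method off-limits to templates.
    # Jinja2's SandboxedEnvironment honours this attribute name.
    get_value.unsafe_callable = True


class Device:
    def __init__(self, name: str) -> None:
        self.name = name
        self.deleted = False

    def delete(self) -> None:
        self.deleted = True

    # Django's own convention (linked from the advisory): a method that mutates
    # state sets alters_data so template engines refuse to call it.
    delete.alters_data = True


# --- The policy ---------------------------------------------------------------

def is_safe_attribute(attr: str) -> bool:
    """Private and dunder names are never reachable from a template; this is
    what blocks the usual __class__ / __subclasses__ escape chains."""
    return not attr.startswith("_")


def is_safe_callable(fn) -> bool:
    """Refuse anything flagged with either marker before calling it. Bound
    methods forward attribute lookups to the function, so the flags set in the
    class body above are visible here."""
    return callable(fn) and not (
        getattr(fn, "alters_data", False) or getattr(fn, "unsafe_callable", False)
    )


def _evaluate(context: dict, expression: str, sandboxed: bool):
    """Resolve a dotted expression such as "secret.get_value()" against the
    context. A trailing "()" calls the attribute with no arguments."""
    head, *parts = expression.strip().split(".")
    obj = context[head]
    for part in parts:
        call = part.endswith("()")
        attr = part[:-2] if call else part
        if sandboxed and not is_safe_attribute(attr):
            raise TemplateSecurityError(f"attribute {attr!r} is not accessible")
        obj = getattr(obj, attr)
        if call:
            if sandboxed and not is_safe_callable(obj):
                raise TemplateSecurityError(f"{attr!r} may not be called from a template")
            obj = obj()
    return obj


def render_unsandboxed(context: dict, expression: str):
    """Pre-fix behaviour: every attribute and method of every context object is
    reachable, regardless of the viewing user's permissions."""
    return _evaluate(context, expression, sandboxed=False)


def render_sandboxed(context: dict, expression: str):
    return _evaluate(context, expression, sandboxed=True)


def sandbox_rejects(context: dict, expression: str) -> bool:
    """True if the sandboxed evaluator refuses the expression."""
    try:
        render_sandboxed(context, expression)
    except TemplateSecurityError:
        return True
    return False


def demo_context() -> dict:
    """Constructed template context: one Secret and one Device."""
    return {"secret": Secret("api-token", "hunter2"), "device": Device("rtr1")}
```

The sandbox is only half of the mitigation the advisory names: the other half is the object-permission side, restricting who may create or edit computed fields and custom links at all, since the template author, not the viewer, chooses what the expression reaches for.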
Severity
6.0 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/7417 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/7429 | x_refsource_MISC |
| https://docs.djangoproject.com/en/4.2/ref/templat… | x_refsource_MISC |
| https://jinja.palletsprojects.com/en/stable/sandbox | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T17:10:17.082932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T17:10:21.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:40:21.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx"
},
{
"name": "https://github.com/nautobot/nautobot/pull/7417",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/7417"
},
{
"name": "https://github.com/nautobot/nautobot/pull/7429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/7429"
},
{
"name": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description"
},
{
"name": "https://jinja.palletsprojects.com/en/stable/sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://jinja.palletsprojects.com/en/stable/sandbox"
}
],
"source": {
"advisory": "GHSA-wjw6-95h5-4jpx",
"discovery": "UNKNOWN"
},
"title": "Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49142",
"datePublished": "2025-06-10T15:40:21.105Z",
"dateReserved": "2025-06-02T10:39:41.634Z",
"dateUpdated": "2025-06-10T17:10:21.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36112 (GCVE-0-2024-36112)
Vulnerability from nvd – Published: 2024-05-28 22:26 – Updated: 2024-08-02 03:30
Title
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading.
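Added example, not Nautobot's implementation: the two-layer check a members listing needs. Permission on the container (`extras.view_dynamicgroup`) gates the view; permission on each member's own model (`dcim.view_device` for Devices) filters what is listed. The `Obj`, `DynamicGroup` and `User` classes, the `"app_label.action_model"` permission strings and the group contents are constructed for illustration.

```python
"""Member-object permissions on a Dynamic Group listing (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    """Minimal stand-in for any model instance a Dynamic Group can contain."""
    app_label: str   # e.g. "dcim"
    model: str       # e.g. "device"
    name: str


@dataclass
class DynamicGroup:
    name: str
    members: list[Obj] = field(default_factory=list)


@dataclass
class User:
    username: str
    permissions: set[str] = field(default_factory=set)   # "app.action_model"

    def has_perm(self, perm: str) -> bool:
        return perm in self.permissions


class PermissionDenied(Exception):
    pass


def members_pre_fix(group: DynamicGroup, user: User) -> list[Obj]:
    """Behaviour the advisory describes: only the container permission is
    checked, so every member is returned whatever the per-model permissions."""
    if not user.has_perm("extras.view_dynamicgroup"):
        raise PermissionDenied("extras.view_dynamicgroup required")
    return list(group.members)


def restrict(objects, user: User, action: str = "view") -> list[Obj]:
    """Keep only objects the user may <action>: the check the members view must
    apply per member, using each member's own app_label and model."""
    return [o for o in objects if user.has_perm(f"{o.app_label}.{action}_{o.model}")]


def members(group: DynamicGroup, user: User) -> list[Obj]:
    """Fixed listing: container permission first, then member restriction."""
    if not user.has_perm("extras.view_dynamicgroup"):
        raise PermissionDenied("extras.view_dynamicgroup required")
    return restrict(group.members, user, "view")


def demo() -> tuple[DynamicGroup, User, User]:
    """Constructed fixture: a group of two Devices, an auditor who may view
    Dynamic Groups but not Devices, and a netops user who may view both."""
    group = DynamicGroup(
        "edge-routers",
        [Obj("dcim", "device", "rtr1"), Obj("dcim", "device", "rtr2")],
    )
    auditor = User("auditor", {"extras.view_dynamicgroup"})
    netops = User("netops", {"extras.view_dynamicgroup", "dcim.view_device"})
    return group, auditor, netops
```

Nautobot's real object permissions also carry per-object constraints, which its queryset `restrict()` applies as a filter; this example only models the model-level action check, which is the part the advisory says was skipped.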
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
GitHub_M
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5757 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5762 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T12:59:52.272021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:49:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5757"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5762",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.6.23"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/\u003cuuid\u003e/`) and/or the members REST API view (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\u0027s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T22:26:12.487Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5757"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5762",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5762"
}
],
"source": {
"advisory": "GHSA-qmjf-wc2h-6x3q",
"discovery": "UNKNOWN"
},
"title": "Nautobot dynamic-group-members doesn\u0027t enforce permission restrictions on member objects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36112",
"datePublished": "2024-05-28T22:26:12.487Z",
"dateReserved": "2024-05-20T21:07:48.187Z",
"dateUpdated": "2024-08-02T03:30:13.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34707 (GCVE-0-2024-34707)
Vulnerability from nvd – Published: 2024-05-13 19:22 – Updated: 2024-08-02 02:59
Title
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
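Added example, not the project's fix: one way to keep an operator-editable banner setting from becoming stored XSS is to sanitize it against an allowlist before it is marked safe for the template. The tag and attribute allowlist, the accepted link schemes and the sample inputs below are assumptions; the parser is the standard library's `html.parser`, with the `<script>`/`<style>` bodies dropped, every other unknown tag reduced to its text, event-handler attributes removed and `javascript:` links (including ones padded with control characters) stripped.

```python
"""Allowlist sanitizer for operator-supplied banner HTML (added example)."""
from __future__ import annotations

from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: inline formatting and links only; no scripts, handlers, styles.
ALLOWED_TAGS = {"b", "i", "em", "strong", "u", "p", "br", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}   # "" = relative link
DROP_CONTENT = {"script", "style"}              # the tag *and* its text go


def _safe_href(value: str) -> bool:
    # Strip control characters and whitespace first so "java\tscript:" cannot
    # slip past the scheme check the way it does in browsers.
    cleaned = "".join(ch for ch in value if ch.isprintable() and not ch.isspace())
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class BannerSanitizer(HTMLParser):
    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open_tags: list[str] = []
        self.dropping = 0      # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.dropping += 1
            return
        if self.dropping or tag not in ALLOWED_TAGS:
            return                      # unknown tag: emit nothing, keep its text
        rendered = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue                # drops on*, style, src, ...
            value = value or ""
            if name == "href" and not _safe_href(value):
                continue
            rendered.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(rendered)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.dropping = max(0, self.dropping - 1)
            return
        if self.dropping or tag not in self.open_tags:
            return
        while self.open_tags:           # close back to the matching tag
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(escape(data, quote=False))

    def result(self) -> str:
        while self.open_tags:           # balance anything left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_banner(raw: str) -> str:
    """Return HTML that is safe to mark as trusted in a template."""
    parser = BannerSanitizer()
    parser.feed(raw)
    parser.close()
    return parser.result()
```

Sanitizing on save (when the admin edits the setting) and again on render costs little and means a value written directly to the database still cannot carry script. Whether a deployment wants any HTML in banners at all is a policy choice; plain-text banners rendered with autoescaping need no sanitizer.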
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
GitHub_M
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5697 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5698 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/4f0a6… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/f640a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T15:20:33.233925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:11.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5697",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5697"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5698",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5698"
},
{
"name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
},
{
"name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.22"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T19:22:41.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5697",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5697"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5698",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5698"
},
{
"name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
},
{
"name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
}
],
"source": {
"advisory": "GHSA-r2hr-4v48-fjv3",
"discovery": "UNKNOWN"
},
"title": "Nautobot\u0027s BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34707",
"datePublished": "2024-05-13T19:22:41.202Z",
"dateReserved": "2024-05-07T13:53:00.133Z",
"dateUpdated": "2024-08-02T02:59:22.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32979 (GCVE-0-2024-32979)
Vulnerability from nvd – Published: 2024-05-01 10:49 – Updated: 2024-08-02 02:27
Title
Reflected Cross-site Scripting potential in all object list views in Nautobot
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.
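Added example, not the project's code: the pattern behind a reflected XSS in a filterable list view (a query parameter echoed back into the page as-is) beside the escaped version, plus the check a scanner or regression test runs to detect it. The `filter_summary` markup, the constructed `/dcim/devices/?name=...` URL and the inert `<img onerror>` payload are assumptions; the payload is only ever compared as text here, never rendered.

```python
"""Reflecting filter parameters safely, and checking a response for unescaped
reflection (added example, not the project's code)."""
from __future__ import annotations

from html import escape
from urllib.parse import parse_qsl, urlsplit

HTML_META = set("<>\"'&")


def query_of(url: str) -> str:
    """The query string of a URL, as the view would receive it."""
    return urlsplit(url).query


def filter_summary_pre_fix(query: str) -> str:
    """Builds a "filtered by" banner by concatenating raw parameter values:
    whatever the attacker put in the URL lands in the HTML unchanged."""
    pairs = parse_qsl(query, keep_blank_values=True)
    body = ", ".join(f"{k}: {v}" for k, v in pairs)
    return "<div class='filters'>" + body + "</div>"


def filter_summary(query: str) -> str:
    """Same output, but every user-controlled string passes through escape()
    with quote=True, so it can neither open a tag nor end an attribute."""
    pairs = parse_qsl(query, keep_blank_values=True)
    body = ", ".join(f"{escape(k, quote=True)}: {escape(v, quote=True)}" for k, v in pairs)
    return "<div class='filters'>" + body + "</div>"


def reflected_unescaped(url: str, response_html: str) -> list[str]:
    """Return the query values echoed verbatim into the response even though
    they contain HTML metacharacters. Flags the bug without executing script,
    so it is safe to run against a live instance with a benign marker string."""
    values = [v for _, v in parse_qsl(query_of(url), keep_blank_values=True)]
    return [v for v in values if HTML_META & set(v) and v in response_html]


def demo_url() -> str:
    # Constructed request against a filterable list view.
    return "/dcim/devices/?name=<img src=x onerror=alert(1)>&status=active"


if __name__ == "__main__":
    url = demo_url()
    print(reflected_unescaped(url, filter_summary_pre_fix(query_of(url))))  # ['<img src=x onerror=alert(1)>']
    print(reflected_unescaped(url, filter_summary(query_of(url))))          # []
```

With Django's template autoescaping the fix is usually to stop marking the fragment safe or to stop building it with string concatenation; the detection function is what turns the advisory's "all filterable object-list views" into a loop over list URLs that can be rerun after every upgrade.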
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
GitHub_M
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5646 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5647 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/42440… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nautobot | nautobot | Affected: < 1.6.20; Affected: >= 2.0.0, < 2.2.3 | |
| networktocode | nautobot | Affected: 0, < 1.6.20 (custom) | cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:* |
| networktocode | nautobot | Affected: 2.0.0, ≤ 2.2.3 (custom) | cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nautobot",
"vendor": "networktocode",
"versions": [
{
"lessThan": "1.6.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nautobot",
"vendor": "networktocode",
"versions": [
{
"lessThanOrEqual": "2.2.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T16:56:47.104819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:15:30.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5646",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5646"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5647",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5647"
},
{
"name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.20"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T10:49:56.643Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5646",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5646"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5647",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5647"
},
{
"name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
}
],
"source": {
"advisory": "GHSA-jxgr-gcj5-cqqg",
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-site Scripting potential in all object list views in Nautobot"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32979",
"datePublished": "2024-05-01T10:49:56.643Z",
"dateReserved": "2024-04-22T15:14:59.166Z",
"dateUpdated": "2024-08-02T02:27:53.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29199 (GCVE-0-2024-29199)
Vulnerability from nvd – Published: 2024-03-26 03:08 – Updated: 2024-08-02 16:13
Title
Unauthenticated views may expose information to anonymous users
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
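Added example, not Nautobot's code: the two checks this advisory implies. First, whether a deployment has changed `EXEMPT_VIEW_PERMISSIONS` from its default empty list, read out of `nautobot_config.py` with `ast` rather than by importing the settings module. Second, an anonymous probe that requests a list of paths with no cookie, token or auth header and reports which ones answer 200. The advisory does not enumerate the affected endpoints, so the paths, hostname, fake server responses and config texts below are constructed; the `fetch` callable is injected so the block runs offline and the real `urllib` fetcher is used only when you point it at your own instance.

```python
"""Anonymous-access probe and EXEMPT_VIEW_PERMISSIONS check (added example)."""
from __future__ import annotations

import ast
import urllib.error
import urllib.request
from typing import Callable

Fetcher = Callable[[str], int]   # URL -> HTTP status, with no credentials attached


def fetch_status_anonymous(url: str) -> int:
    """Plain GET with no cookie, token or basic-auth header (live use only)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def probe_anonymous_access(base_url: str, paths: list[str],
                           fetch: Fetcher = fetch_status_anonymous) -> dict[str, int]:
    base = base_url.rstrip("/")
    return {path: fetch(base + path) for path in paths}


def anonymously_reachable(results: dict[str, int], public: set[str] = frozenset()) -> list[str]:
    """A 200 from an unauthenticated request is the finding; 401/403, or a
    redirect to the login page, is the expected answer. Paths listed in
    `public` (the login page itself) are legitimately anonymous."""
    return sorted(p for p, status in results.items() if status == 200 and p not in public)


def exempt_view_permissions(config_source: str):
    """Return the literal value assigned to EXEMPT_VIEW_PERMISSIONS in a
    nautobot_config.py, [] if it is never assigned (the default), or None if
    the value is computed (e.g. from the environment) and cannot be read here."""
    value = []
    for node in ast.walk(ast.parse(config_source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "EXEMPT_VIEW_PERMISSIONS":
                try:
                    value = ast.literal_eval(node.value)
                except ValueError:
                    return None
    return value


def anonymous_exposure_possible(config_source: str) -> bool:
    """The advisory's condition: data leaks through the unauthenticated views
    only when EXEMPT_VIEW_PERMISSIONS is non-empty. An unreadable value is
    treated as possibly exposed."""
    value = exempt_view_permissions(config_source)
    return value is None or len(value) > 0


# --- Constructed fixtures ------------------------------------------------------

DEMO_CONFIG_DEFAULT = 'ALLOWED_HOSTS = ["*"]\nEXEMPT_VIEW_PERMISSIONS = []\n'
DEMO_CONFIG_OPEN = 'EXEMPT_VIEW_PERMISSIONS = ["dcim.device", "ipam.prefix"]\n'
DEMO_PATHS = ["/api/dcim/devices/", "/api/extras/jobs/", "/login/"]
_FAKE_SERVER = {"/api/dcim/devices/": 200, "/api/extras/jobs/": 403, "/login/": 200}


def fake_fetch(url: str) -> int:
    """Stands in for a server during the demo; returns the constructed status
    table above keyed by path."""
    path = "/" + url.split("/", 3)[3]
    return _FAKE_SERVER[path]


if __name__ == "__main__":
    results = probe_anonymous_access("https://nautobot.example", DEMO_PATHS, fake_fetch)
    print(anonymously_reachable(results, public={"/login/"}))  # ['/api/dcim/devices/']
    print(anonymous_exposure_possible(DEMO_CONFIG_OPEN))        # True
```

Run the probe from a host that has no session with the instance and compare the result before and after upgrading to 1.6.16 / 2.1.9; a non-empty `EXEMPT_VIEW_PERMISSIONS` is a deliberate choice to publish those models anonymously and should be reviewed on its own merits.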
Severity
3.7 (Low)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
GitHub_M
References
7 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5464 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5465 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/2fd95… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/dd623… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5464",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5464"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5465",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5465"
},
{
"name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
},
{
"name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:13:02.596894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:13:27.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.16"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T03:08:21.873Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5464",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5464"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5465",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5465"
},
{
"name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
},
{
"name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
}
],
"source": {
"advisory": "GHSA-m732-wvh2-7cq4",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated views may expose information to anonymous users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29199",
"datePublished": "2024-03-26T03:08:21.873Z",
"dateReserved": "2024-03-18T17:07:00.095Z",
"dateUpdated": "2024-08-02T16:13:27.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23345 (GCVE-0-2024-23345)
Vulnerability from nvd – Published: 2024-01-22 23:14 – Updated: 2025-05-30 14:21
Title
Nautobot has XSS potential in rendered Markdown fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5133 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5134 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/17eff… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/64312… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5133",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5133"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5134",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5134"
},
{
"name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
},
{
"name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:09:16.603356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:21:39.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.2"
},
{
"status": "affected",
"version": "\u003c 1.6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T23:14:52.596Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5133",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5133"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5134",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5134"
},
{
"name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
},
{
"name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
}
],
"source": {
"advisory": "GHSA-v4xv-795h-rv4h",
"discovery": "UNKNOWN"
},
"title": "Nautobot has XSS potential in rendered Markdown fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23345",
"datePublished": "2024-01-22T23:14:52.596Z",
"dateReserved": "2024-01-15T15:19:19.445Z",
"dateUpdated": "2025-05-30T14:21:39.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51649 (GCVE-0-2023-51649)
Vulnerability from nvd – Published: 2023-12-22 16:48 – Updated: 2024-08-02 22:40
Title
Nautobot missing object-level permissions enforcement when running Job Buttons
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/issues/4988 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4993 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4995 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
},
{
"name": "https://github.com/nautobot/nautobot/issues/4988",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/issues/4988"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4993",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4993"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4995",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.14, \u003c 1.6.8"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T16:48:19.711Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
},
{
"name": "https://github.com/nautobot/nautobot/issues/4988",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/issues/4988"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4993",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4993"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4995",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4995"
}
],
"source": {
"advisory": "GHSA-vf5m-xrhm-v999",
"discovery": "UNKNOWN"
},
"title": "Nautobot missing object-level permissions enforcement when running Job Buttons"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51649",
"datePublished": "2023-12-22T16:48:19.711Z",
"dateReserved": "2023-12-20T22:12:04.737Z",
"dateUpdated": "2024-08-02T22:40:33.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50263 (GCVE-0-2023-50263)
Vulnerability from nvd – Published: 2023-12-12 22:17 – Updated: 2024-08-02 22:16
Title
Nautobot allows unauthenticated db-file-storage views
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs.
In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.
Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.
Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
Severity
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/4959 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4964 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/45828… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/7c4cf… | x_refsource_MISC |
| https://github.com/victor-o-silva/db_file_storage… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4959",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4959"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4964",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4964"
},
{
"name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
},
{
"name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.6.7"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot\u0027s `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T22:17:00.858Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4959",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4959"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4964",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4964"
},
{
"name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
},
{
"name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
}
],
"source": {
"advisory": "GHSA-75mc-3pjc-727q",
"discovery": "UNKNOWN"
},
"title": "Nautobot allows unauthenticated db-file-storage views"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50263",
"datePublished": "2023-12-12T22:17:00.858Z",
"dateReserved": "2023-12-05T20:42:59.379Z",
"dateUpdated": "2024-08-02T22:16:46.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-44794 (GCVE-0-2026-44794)
Vulnerability from cvelistv5 – Published: 2026-05-28 17:01 – Updated: 2026-05-30 02:02
Title
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API failed to enforce user "view" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/36cde… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/9918b… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T02:02:38.997080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T02:02:47.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different \"content types\" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot\u0027s REST API failed to enforce user \"view\" permissions when determining whether a given reference to another object would be valid. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:01:21.400Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wpxj-44w3-2j6x"
},
{
"name": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/36cde7148a207234de6212ec074f321dbc9d1b5b"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9918bdb9bcf1eb42cda72c344f420a64ef7665f1"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-wpxj-44w3-2j6x",
"discovery": "UNKNOWN"
},
"title": "Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44794",
"datePublished": "2026-05-28T17:01:21.400Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-30T02:02:47.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44796 (GCVE-0-2026-44796)
Vulnerability from cvelistv5 – Published: 2026-05-28 17:00 – Updated: 2026-05-30 02:01
Title
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/5a30d… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/c2b76… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T02:01:49.952039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T02:01:59.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints (for example, /dcim/interfaces/rename/) were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in combination with the use_regex flag. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:00:06.533Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qrpw-gjvh-x5gm"
},
{
"name": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/5a30d0916953afbeedd24a784709e762cc3879cd"
},
{
"name": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/c2b766966d814a7141f62c7bc90c85fefb7892ee"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-qrpw-gjvh-x5gm",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44796",
"datePublished": "2026-05-28T17:00:06.533Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-30T02:01:59.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44797 (GCVE-0-2026-44797)
Vulnerability from cvelistv5 – Published: 2026-05-28 16:59 – Updated: 2026-05-29 15:29
Title
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/16aa4… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/7324c… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T15:29:49.861579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:29:56.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot\u0027s Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowing for various behaviors similar to server-side request forgery (SSRF). This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T16:59:06.143Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26"
},
{
"name": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-c35q-vxrp-ph26",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44797",
"datePublished": "2026-05-28T16:59:06.143Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-29T15:29:56.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44798 (GCVE-0-2026-44798)
Vulnerability from cvelistv5 – Published: 2026-05-28 16:57 – Updated: 2026-05-28 19:02
Title
Nautobot: GitRepository.current_head field should not be writable through REST API
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/commit/9dedd… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/c46f9… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T19:01:54.215823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:02:15.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0a2, \u003c 3.1.2"
},
{
"status": "affected",
"version": "\u003c 2.4.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot\u0027s local clone(s) of the relevant repository to checkout a commit other than the latest commit on the specified branch (resulting in misleading state), or potentially to be unable to make use of the repository at all (until manually remediated) due to the current_head pointing to a nonexistent commit hash or malformed value. This vulnerability is fixed in 2.4.33 and 3.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471: Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T16:57:45.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-p3hx-pwf3-j8wr"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9deddfc91ad9260ad17b5e20084e9e2d15be3609"
},
{
"name": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/c46f97040b2bde4320be36b23577f19a8bcbd8c3"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.4.33"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v3.1.2"
}
],
"source": {
"advisory": "GHSA-p3hx-pwf3-j8wr",
"discovery": "UNKNOWN"
},
"title": "Nautobot: GitRepository.current_head field should not be writable through REST API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44798",
"datePublished": "2026-05-28T16:57:45.734Z",
"dateReserved": "2026-05-07T19:20:44.693Z",
"dateUpdated": "2026-05-28T19:02:15.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34203 (GCVE-0-2026-34203)
Vulnerability from cvelistv5 – Published: 2026-03-31 19:27 – Updated: 2026-03-31 20:30
Title
Nautobot: Management of users via REST API does not apply configured password validators
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/8778 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/8779 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/589f7… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/d1ef3… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T20:29:54.867462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T20:30:00.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.30"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django\u0027s AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot\u0027s nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521: Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T19:27:29.903Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-xmpv-j7p2-j873"
},
{
"name": "https://github.com/nautobot/nautobot/pull/8778",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/8778"
},
{
"name": "https://github.com/nautobot/nautobot/pull/8779",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/8779"
},
{
"name": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/589f7caf54124ad76bc9fcbb7bdcaa25627cd598"
},
{
"name": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/d1ef3135aa02fa07de061e8c085f8cce425fe8c9"
}
],
"source": {
"advisory": "GHSA-xmpv-j7p2-j873",
"discovery": "UNKNOWN"
},
"title": "Nautobot: Management of users via REST API does not apply configured password validators"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34203",
"datePublished": "2026-03-31T19:27:29.903Z",
"dateReserved": "2026-03-26T15:57:52.323Z",
"dateUpdated": "2026-03-31T20:30:00.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62607 (GCVE-0-2025-62607)
Vulnerability from cvelistv5 – Published: 2025-10-22 15:40 – Updated: 2025-10-22 16:05
Title
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
Summary
Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the ServiceNow public instance name, e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages of Nautobot through the unauthenticated Configuration page. This issue has been patched in version 3.10.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot-app-ssot/sec… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot-app-ssot/com… | x_refsource_MISC |
| https://github.com/nautobot/nautobot-app-ssot/rel… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nautobot | nautobot-app-ssot | Affected: < 3.10.0 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T16:05:41.837662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T16:05:50.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot-app-ssot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name e.g. companyname.service-now.com. This is considered low-value information. This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page. This issue has been patched in version 3.10.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:40:46.355Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/security/advisories/GHSA-535g-62r7-cx6v"
},
{
"name": "https://github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/commit/1530d25cdeb929641ec47644f9a0a1d9d41e1cb8"
},
{
"name": "https://github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot-app-ssot/releases/tag/v3.10.0"
}
],
"source": {
"advisory": "GHSA-535g-62r7-cx6v",
"discovery": "UNKNOWN"
},
"title": "Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62607",
"datePublished": "2025-10-22T15:40:46.355Z",
"dateReserved": "2025-10-16T19:24:37.268Z",
"dateUpdated": "2025-10-22T16:05:50.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49143 (GCVE-0-2025-49143)
Vulnerability from cvelistv5 – Published: 2025-06-10 15:43 – Updated: 2025-06-10 18:12
Title
Nautobot may allow uploaded media files to be accessible without authentication
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/6672 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/6703 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/9c892… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/d99a5… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:58:15.965698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T18:12:01.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot\u0027s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:43:59.225Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh"
},
{
"name": "https://github.com/nautobot/nautobot/pull/6672",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/6672"
},
{
"name": "https://github.com/nautobot/nautobot/pull/6703",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/6703"
},
{
"name": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340"
},
{
"name": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95"
}
],
"source": {
"advisory": "GHSA-rh67-4c8j-hjjh",
"discovery": "UNKNOWN"
},
"title": "Nautobot may allows uploaded media files to be accessible without authentication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49143",
"datePublished": "2025-06-10T15:43:59.225Z",
"dateReserved": "2025-06-02T10:39:41.634Z",
"dateUpdated": "2025-06-10T18:12:01.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49142 (GCVE-0-2025-49142)
Vulnerability from cvelistv5 – Published: 2025-06-10 15:40 – Updated: 2025-06-10 17:10
Title
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/7417 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/7429 | x_refsource_MISC |
| https://docs.djangoproject.com/en/4.2/ref/templat… | x_refsource_MISC |
| https://jinja.palletsprojects.com/en/stable/sandbox | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49142",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T17:10:17.082932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T17:10:21.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:40:21.105Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx"
},
{
"name": "https://github.com/nautobot/nautobot/pull/7417",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/7417"
},
{
"name": "https://github.com/nautobot/nautobot/pull/7429",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/7429"
},
{
"name": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description",
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description"
},
{
"name": "https://jinja.palletsprojects.com/en/stable/sandbox",
"tags": [
"x_refsource_MISC"
],
"url": "https://jinja.palletsprojects.com/en/stable/sandbox"
}
],
"source": {
"advisory": "GHSA-wjw6-95h5-4jpx",
"discovery": "UNKNOWN"
},
"title": "Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49142",
"datePublished": "2025-06-10T15:40:21.105Z",
"dateReserved": "2025-06-02T10:39:41.634Z",
"dateUpdated": "2025-06-10T17:10:21.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36112 (GCVE-0-2024-36112)
Vulnerability from cvelistv5 – Published: 2024-05-28 22:26 – Updated: 2024-08-02 03:30
Title
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions; for example, a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing the `extras.view_dynamicgroup` permission from users; however, a full fix will require upgrading.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5757 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5762 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T12:59:52.272021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T20:49:26.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5757",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5757"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5762",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.6.23"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/\u003cuuid\u003e/`) and/or the members REST API view (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\u0027s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-280",
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T22:26:12.487Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5757"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5762",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5762"
}
],
"source": {
"advisory": "GHSA-qmjf-wc2h-6x3q",
"discovery": "UNKNOWN"
},
"title": "Nautobot dynamic-group-members doesn\u0027t enforce permission restrictions on member objects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-36112",
"datePublished": "2024-05-28T22:26:12.487Z",
"dateReserved": "2024-05-20T21:07:48.187Z",
"dateUpdated": "2024-08-02T03:30:13.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34707 (GCVE-0-2024-34707)
Vulnerability from cvelistv5 – Published: 2024-05-13 19:22 – Updated: 2024-08-02 02:59
VLAI
Title
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5697 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5698 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/4f0a6… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/f640a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T15:20:33.233925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:11.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:59:22.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5697",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5697"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5698",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5698"
},
{
"name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
},
{
"name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.22"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T19:22:41.202Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5697",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5697"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5698",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5698"
},
{
"name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
},
{
"name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
}
],
"source": {
"advisory": "GHSA-r2hr-4v48-fjv3",
"discovery": "UNKNOWN"
},
"title": "Nautobot\u0027s BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-34707",
"datePublished": "2024-05-13T19:22:41.202Z",
"dateReserved": "2024-05-07T13:53:00.133Z",
"dateUpdated": "2024-08-02T02:59:22.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32979 (GCVE-0-2024-32979)
Vulnerability from cvelistv5 – Published: 2024-05-01 10:49 – Updated: 2024-08-02 02:27
VLAI
Title
Reflected Cross-site Scripting potential in all object list views in Nautobot
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5646 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5647 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/42440… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nautobot | nautobot | Affected: < 1.6.20; Affected: >= 2.0.0, < 2.2.3 | |
| networktocode | nautobot | Affected: 0, < 1.6.20 (custom) | cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:* |
| networktocode | nautobot | Affected: 2.0.0, ≤ 2.2.3 (custom) | cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nautobot",
"vendor": "networktocode",
"versions": [
{
"lessThan": "1.6.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nautobot",
"vendor": "networktocode",
"versions": [
{
"lessThanOrEqual": "2.2.3",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T16:56:47.104819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:15:30.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:27:53.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5646",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5646"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5647",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5647"
},
{
"name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.20"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T10:49:56.643Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5646",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5646"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5647",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5647"
},
{
"name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
}
],
"source": {
"advisory": "GHSA-jxgr-gcj5-cqqg",
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-site Scripting potential in all object list views in Nautobot"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-32979",
"datePublished": "2024-05-01T10:49:56.643Z",
"dateReserved": "2024-04-22T15:14:59.166Z",
"dateUpdated": "2024-08-02T02:27:53.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
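Reflected XSS in a filterable list view arrives as a crafted query string, so the cheapest place to look for exploitation attempts against an unpatched instance is the web server access log. The following is an added example, not Nautobot code: it parses common-format access-log lines, keeps only requests to what this example assumes are core object-list view paths (`/dcim/devices/`, `/ipam/prefixes/` and similar; plugin routes are out of scope), fully percent-decodes each filter parameter so double encoding does not hide a payload, and matches a starting-point indicator regex rather than any specific payload from the advisory. The log lines are constructed for the example.

```python
"""Flag reflected-XSS probes against Nautobot object-list views in access logs (CVE-2024-32979).

Added example, not Nautobot code. The log lines are constructed, the list-view
path pattern is an assumption (core app list URLs such as /dcim/devices/;
plugin routes are out of scope), and the indicator regex is a starting
heuristic rather than the advisory's payload.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Common/combined log format: client, identity, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# HTML/JS injection markers, checked after full decoding so double encoding does not hide them.
XSS_INDICATORS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed|body|style|math)\b"
    r"|\bon[a-z]+\s*="
    r"|javascript\s*:",
    re.IGNORECASE,
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %253C and %3C both become '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_list_view(path: str) -> bool:
    """Assumed shape of a core object-list view: /<app>/<model-plural>/."""
    return re.fullmatch(
        r"/(dcim|ipam|extras|circuits|tenancy|virtualization)/[a-z0-9-]+/", path
    ) is not None


def scan_line(line: str):
    """Return (client, path, parameter, decoded value) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not is_list_view(parts.path):
        return None
    # parse_qsl decodes one layer; fully_decode handles anything nested.
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(raw)
        if XSS_INDICATORS.search(decoded):
            return (m.group("client"), parts.path, key, decoded)
    return None


def scan_log(lines):
    return [hit for hit in map(scan_line, lines) if hit is not None]


# Constructed sample: one benign filter, one plain payload, one double-encoded
# payload, and one against the REST API (not a list view, so ignored here).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2024:10:00:01 +0000] "GET /dcim/devices/?site=ams01&status=active HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/May/2024:10:00:07 +0000] "GET /dcim/devices/?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4311',
    '10.0.0.9 - - [01/May/2024:10:00:09 +0000] "GET /ipam/prefixes/?q=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 3900',
    '10.0.0.9 - - [01/May/2024:10:00:12 +0000] "GET /api/dcim/devices/?name=%3Cscript%3E HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for client, path, param, value in scan_log(SAMPLE_LOG):
        print(f"{client} {path} {param}={value!r}")
```

A 200 status on a hit does not by itself mean the payload executed; on a patched instance (1.6.20 / 2.2.3 or later) the same request is rendered escaped. The hits are still worth keeping as an indicator of who was probing the list views before the upgrade.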
CVE-2024-29199 (GCVE-0-2024-29199)
Vulnerability from cvelistv5 – Published: 2024-03-26 03:08 – Updated: 2024-08-02 16:13
VLAI
Title
Unauthenticated views may expose information to anonymous users
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
Severity
3.7 (Low)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5464 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5465 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/2fd95… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/dd623… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/releases/tag… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5464",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5464"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5465",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5465"
},
{
"name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
},
{
"name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T16:13:02.596894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T16:13:27.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.16"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T03:08:21.873Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5464",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5464"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5465",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5465"
},
{
"name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
},
{
"name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
},
{
"name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
}
],
"source": {
"advisory": "GHSA-m732-wvh2-7cq4",
"discovery": "UNKNOWN"
},
"title": "Unauthenticated views may expose information to anonymous users"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-29199",
"datePublished": "2024-03-26T03:08:21.873Z",
"dateReserved": "2024-03-18T17:07:00.095Z",
"dateUpdated": "2024-08-02T16:13:27.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
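The summary above makes the exposure conditional on a configuration value: the endpoints answered anonymous requests, but only leaked data where `EXEMPT_VIEW_PERMISSIONS` had been widened from its default empty list. The practical check on an instance you operate is to ask it, with no session cookie or API token, which paths return content instead of a login redirect or a 401/403. The following is an added example, not part of the advisory, which does not enumerate the affected endpoints here: `CANDIDATE_PATHS` and the `/login/` redirect target are assumptions for illustration, and the HTTP layer is injectable so the classification logic can be exercised offline with constructed responses.

```python
"""Check which Nautobot paths answer anonymous requests with content (CVE-2024-29199).

Added example, not from the advisory, which does not enumerate the affected
endpoints here: CANDIDATE_PATHS and the /login/ redirect target are
assumptions for illustration. The HTTP layer is injectable so the classifier
can be exercised offline with constructed responses.
"""
import urllib.error
import urllib.request

CANDIDATE_PATHS = ["/dcim/devices/", "/extras/jobs/", "/api/dcim/devices/", "/api/status/"]  # assumption


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx to the caller instead of following it


def http_fetch(url: str):
    """Anonymous GET with no cookies or tokens; returns (status, Location header, body prefix)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location", ""), resp.read(512).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", ""), err.read(512).decode("utf-8", "replace")


def classify(status: int, location: str, body: str) -> str:
    """Map one anonymous response to what it tells you about exposure."""
    if status in (401, 403):
        return "denied"
    if status in (301, 302, 303, 307, 308):
        return "login-redirect" if "/login/" in location else "redirect"
    if status == 200:
        return "anonymous-readable" if body.strip() else "empty-200"
    return f"other-{status}"


def audit(base_url: str, paths=CANDIDATE_PATHS, fetch=http_fetch) -> dict:
    """Probe every path anonymously and return {path: verdict}."""
    base = base_url.rstrip("/")
    return {path: classify(*fetch(base + path)) for path in paths}


def exposures(report: dict) -> list:
    """Paths an unauthenticated client could read; expect an empty list with EXEMPT_VIEW_PERMISSIONS = []."""
    return sorted(path for path, verdict in report.items() if verdict == "anonymous-readable")


if __name__ == "__main__":
    import sys
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{verdict:18} {path}")
```

Run it only against instances you are authorized to test. An `anonymous-readable` verdict on a data path is the thing to chase down: either the instance is older than 1.6.16 / 2.1.9 and has a non-empty `EXEMPT_VIEW_PERMISSIONS`, or something in front of Nautobot is serving the page without the application's permission check.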
CVE-2024-23345 (GCVE-0-2024-23345)
Vulnerability from cvelistv5 – Published: 2024-01-22 23:14 – Updated: 2025-05-30 14:21
VLAI
Title
Nautobot has XSS potential in rendered Markdown fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/5133 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/5134 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/17eff… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/64312… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5133",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5133"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5134",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/5134"
},
{
"name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
},
{
"name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:09:16.603356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T14:21:39.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.2"
},
{
"status": "affected",
"version": "\u003c 1.6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-22T23:14:52.596Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5133",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5133"
},
{
"name": "https://github.com/nautobot/nautobot/pull/5134",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/5134"
},
{
"name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
},
{
"name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
}
],
"source": {
"advisory": "GHSA-v4xv-795h-rv4h",
"discovery": "UNKNOWN"
},
"title": "Nautobot has XSS potential in rendered Markdown fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23345",
"datePublished": "2024-01-22T23:14:52.596Z",
"dateReserved": "2024-01-15T15:19:19.445Z",
"dateUpdated": "2025-05-30T14:21:39.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
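CVE-2024-34707 (banner settings accepting raw HTML) and CVE-2024-23345 (Markdown-rendered fields) are the same class of problem: text an admin or user supplies ends up in the page as markup rather than as escaped text. The durable fix for either is to sanitize the HTML that the banner setting or the Markdown renderer produces, not the Markdown source, against an allowlist. The following is an added example and not Nautobot's fix: a stdlib-only allowlist sanitizer that keeps a small set of tags and attributes, drops `<script>`/`<style>` together with their contents, refuses `href` values whose scheme is not `http`, `https` or `mailto` (after removing whitespace and control characters, which browsers ignore inside a scheme), and re-escapes all text. The allowlists and the sample inputs are choices made for this example.

```python
"""Allowlist HTML sanitizer for user-supplied rich text (CVE-2024-34707, CVE-2024-23345).

Added example, not Nautobot's fix. Apply it to the HTML a banner setting or a
Markdown renderer produces. Tag and attribute allowlists are choices made for
this example; widen them deliberately.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "code", "pre", "ul", "ol", "li",
                "a", "h1", "h2", "h3", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" covers relative URLs
DROP_WITH_CONTENT = {"script", "style"}


def safe_url(url: str) -> bool:
    """Reject javascript:/data:/vbscript: links. Whitespace and control characters are
    removed first because browsers ignore them inside a scheme (java<TAB>script: still runs)."""
    cleaned = "".join(ch for ch in url if ord(ch) > 32)
    return urlsplit(cleaned).scheme in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities arrive decoded; we re-escape on output
        self.out = []
        self.skipping = 0  # > 0 while inside a dropped-with-content element

    def handle_starttag(self, tag, attrs):
        if self.skipping:
            if tag in DROP_WITH_CONTENT:
                self.skipping += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skipping = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself but keep any text it wraps
        kept = []
        for name, value in attrs:
            name = name.lower()
            value = value or ""
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # this also drops every on* event handler and style=
            if name == "href" and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.skipping:
            if tag in DROP_WITH_CONTENT:
                self.skipping -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

    # Comments and declarations fall through to the default handlers and are dropped.


def sanitize(html: str) -> str:
    """Return a re-serialized copy of `html` containing only allowlisted markup."""
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

The output is rebuilt from the parse tree rather than patched with regular expressions, which is what makes the allowlist hold: anything the parser did not recognise as an allowed tag is emitted as escaped text, and an attribute either survives the allowlist and the URL check or is gone. For production use a maintained sanitizer library is the better choice; the point here is the shape of the check.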
CVE-2023-51649 (GCVE-0-2023-51649)
Vulnerability from cvelistv5 – Published: 2023-12-22 16:48 – Updated: 2024-08-02 22:40
VLAI
Title
Nautobot missing object-level permissions enforcement when running Job Buttons
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0.
Severity
3.5 (Low)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/issues/4988 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4993 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4995 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:40:33.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
},
{
"name": "https://github.com/nautobot/nautobot/issues/4988",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/issues/4988"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4993",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4993"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4995",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.5.14, \u003c 1.6.8"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T16:48:19.711Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
},
{
"name": "https://github.com/nautobot/nautobot/issues/4988",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/issues/4988"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4993",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4993"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4995",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4995"
}
],
"source": {
"advisory": "GHSA-vf5m-xrhm-v999",
"discovery": "UNKNOWN"
},
"title": "Nautobot missing object-level permissions enforcement when running Job Buttons"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-51649",
"datePublished": "2023-12-22T16:48:19.711Z",
"dateReserved": "2023-12-20T22:12:04.737Z",
"dateUpdated": "2024-08-02T22:40:33.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50263 (GCVE-0-2023-50263)
Vulnerability from cvelistv5 – Published: 2023-12-12 22:17 – Updated: 2024-08-02 22:16
Title
Nautobot allows unauthenticated db-file-storage views
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs.
In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances.
Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.
Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
References
6 references
| URL | Tags |
|---|---|
| https://github.com/nautobot/nautobot/security/adv… | x_refsource_CONFIRM |
| https://github.com/nautobot/nautobot/pull/4959 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/pull/4964 | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/45828… | x_refsource_MISC |
| https://github.com/nautobot/nautobot/commit/7c4cf… | x_refsource_MISC |
| https://github.com/victor-o-silva/db_file_storage… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4959",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4959"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4964",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/pull/4964"
},
{
"name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
},
{
"name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nautobot",
"vendor": "nautobot",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.1.0, \u003c 1.6.7"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot\u0027s `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T22:17:00.858Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4959",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4959"
},
{
"name": "https://github.com/nautobot/nautobot/pull/4964",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/pull/4964"
},
{
"name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
},
{
"name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
},
{
"name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
}
],
"source": {
"advisory": "GHSA-75mc-3pjc-727q",
"discovery": "UNKNOWN"
},
"title": "Nautobot allows unauthenticated db-file-storage views"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50263",
"datePublished": "2023-12-12T22:17:00.858Z",
"dateReserved": "2023-12-05T20:42:59.379Z",
"dateUpdated": "2024-08-02T22:16:46.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}