
FKIE_CVE-2025-49143

Vulnerability from fkie_nvd - Published: 2025-06-10 16:15 - Updated: 2025-08-21 22:34
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint. Note that the description speaks only of authentication, not of object-level permission checks, so after the fix any authenticated user can presumably still fetch any uploaded file; the NVD match data below covers every 1.x release before 1.6.32 and 2.0.0 ≤ version < 2.4.10.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "543DA28E-7B2A-4481-A3FB-78DCBBD6BBA1",
              "versionEndExcluding": "1.6.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F69273B-4513-4F74-A7E5-7E4DF6A0ADBC",
              "versionEndExcluding": "2.4.10",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot\u0027s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint."
    },
    {
      "lang": "es",
      "value": "Nautobot es una fuente de confianza en red y una plataforma de automatizaci\u00f3n de red. En versiones anteriores a las versiones 2.4.10 y 1.6.32, los archivos subidos por los usuarios al directorio MEDIA_ROOT de Nautobot, incluyendo im\u00e1genes adjuntas de tipo de dispositivo, as\u00ed como im\u00e1genes adjuntas a una ubicaci\u00f3n, dispositivo o rack, se entregaban a los usuarios mediante un endpoint de URL que no aplicaba la autenticaci\u00f3n de usuario. Como consecuencia, estos archivos pod\u00edan ser recuperados por usuarios an\u00f3nimos que conoc\u00edan o pod\u00edan adivinar la URL correcta de un archivo determinado. Nautobot v2.4.10 y v1.6.32 solucionan este problema a\u00f1adiendo la aplicaci\u00f3n de la autenticaci\u00f3n de usuario de Nautobot a este endpoint."
    }
  ],
  "id": "CVE-2025-49143",
  "lastModified": "2025-08-21T22:34:19.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-10T16:15:42.450",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/6672"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/6703"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2025-49142

Vulnerability from fkie_nvd - Published: 2025-06-10 16:15 - Updated: 2025-08-21 22:36
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered, or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Because the template executes when another user views the rendered content, the attacker needs only the ability to create or edit such templated objects, not the permissions of the victim. Nautobot versions 1.6.32 and 2.4.10 include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions so that creating and editing templated objects (computed fields, custom links, and similar) is limited to trusted users; the references to Jinja2's sandbox and Django's `alters_data` attribute suggest the fix constrains what rendered templates may call, though this page does not state the fix's details.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "543DA28E-7B2A-4481-A3FB-78DCBBD6BBA1",
              "versionEndExcluding": "1.6.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F69273B-4513-4F74-A7E5-7E4DF6A0ADBC",
              "versionEndExcluding": "2.4.10",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users."
    },
    {
      "lang": "es",
      "value": "Nautobot es una fuente de confianza en red y una plataforma de automatizaci\u00f3n de red. Todos los usuarios de versiones de Nautobot anteriores a la 2.4.10 o a la 1.6.32 podr\u00edan verse afectados. Debido a una configuraci\u00f3n de seguridad insuficiente de la funci\u00f3n de plantillas Jinja2, utilizada en campos calculados, enlaces personalizados, etc., en Nautobot, un usuario malintencionado podr\u00eda configurar este conjunto de funciones de forma que exponga el valor de los secretos definidos en Nautobot al renderizar el contenido de la plantilla, o que invoque las API de Python para modificar datos dentro de Nautobot al renderizar dicho contenido, omitiendo as\u00ed los permisos de objeto asignados al usuario que lo visualiza. Las versiones 1.6.32 y 2.4.10 de Nautobot incluir\u00e1n correcciones para esta vulnerabilidad. Esta vulnerabilidad se puede mitigar parcialmente configurando adecuadamente los permisos de objeto para limitar ciertas acciones solo a usuarios de confianza."
    }
  ],
  "id": "CVE-2025-49142",
  "lastModified": "2025-08-21T22:36:18.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "LOW",
          "subIntegrityImpact": "LOW",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-10T16:15:42.293",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/7417"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/7429"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://jinja.palletsprojects.com/en/stable/sandbox"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1336"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-36112

Vulnerability from fkie_nvd - Published: 2024-05-28 23:15 - Updated: 2025-08-26 16:21
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing the `extras.view_dynamicgroup` permission from users; however, a full fix will require upgrading. Note: the NVD CPE configuration reproduced below records the 2.x range as `versionEndIncluding` 2.2.5, which contradicts this description and the vendor advisory (GHSA-qmjf-wc2h-6x3q) naming 2.2.5 as the fixed release; the advisory's range (2.0.0 through 2.2.4 inclusive) should be treated as authoritative, and scanners keyed on the NVD match data may flag 2.2.5 as a false positive.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "032A92CF-D36A-49BC-8914-14A6E7226925",
              "versionEndExcluding": "1.6.23",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD33860-5EA1-4006-A7F8-37ED0388B0B5",
              "versionEndIncluding": "2.2.5",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/\u003cuuid\u003e/`) and/or the members REST API view (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\u0027s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red. Un usuario con permisos para ver registros de grupos din\u00e1micos (permiso `extras.view_dynamicgroup`) puede usar la vista detallada de la interfaz de usuario del grupo din\u00e1mico (`/extras/dynamic-groups/\u003cuuid\u003e/`) y/o la vista API REST de los miembros (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) para enumerar los objetos que son miembros de un grupo din\u00e1mico determinado. En las versiones de Nautobot entre 1.3.0 (donde se agreg\u00f3 la funci\u00f3n Grupos din\u00e1micos) y 1.6.22 incluida, y 2.0.0 a 2.2.4 incluida, Nautobot no puede restringir estos listados seg\u00fan los permisos de los objetos miembro; por ejemplo, un grupo din\u00e1mico de objetos de tipo Dispositivo enumerar\u00e1 todos los Dispositivos que contiene, independientemente de los permisos `dcim.view_device` del usuario o de la falta de ellos. Este problema se solucion\u00f3 en las versiones 1.6.23 y 2.2.5 de Nautobot. Se recomienda a los usuarios que actualicen. Esta vulnerabilidad se puede mitigar parcialmente eliminando el permiso `extras.view_dynamicgroup` de los usuarios; sin embargo, una soluci\u00f3n completa requerir\u00e1 una actualizaci\u00f3n."
    }
  ],
  "id": "CVE-2024-36112",
  "lastModified": "2025-08-26T16:21:03.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-28T23:15:17.790",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5757"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5762"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-280"
        },
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-34707

Vulnerability from fkie_nvd - Published: 2024-05-14 15:39 - Updated: 2025-08-26 16:16
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`), but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as stored cross-site scripting (XSS). Because the banners are rendered on every page, a payload placed in `BANNER_TOP` or `BANNER_BOTTOM` reaches all logged-in users, and one placed in `BANNER_LOGIN` would also execute for unauthenticated visitors of the login page. Exploitation requires an account that already holds admin privileges (both CVSS vectors record PR:H), so the practical risk is a compromised or malicious administrator. The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "874653B2-E8A9-468F-83FB-62C55FAAD853",
              "versionEndExcluding": "1.6.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE1E130B-18D5-4A29-949D-549103B3AC12",
              "versionEndExcluding": "2.2.4",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red. Un usuario de Nautobot con privilegios de administrador puede modificar los ajustes de configuraci\u00f3n `BANNER_TOP`, `BANNER_BOTTOM` y `BANNER_LOGIN` a trav\u00e9s del endpoint `/admin/constance/config/`. Normalmente, estas configuraciones se usan para proporcionar texto de banner personalizado en la parte superior e inferior de todas las p\u00e1ginas web de Nautobot (o espec\u00edficamente en la p\u00e1gina de inicio de sesi\u00f3n en el caso de `BANNER_LOGIN`), pero se inform\u00f3 que un usuario administrador puede hacer uso de estas configuraciones para inyectar HTML arbitrario, exponiendo potencialmente a los usuarios de Nautobot a problemas de seguridad como Cross Site Scripting (XSS almacenados). La vulnerabilidad est\u00e1 solucionada en Nautobot 1.6.22 y 2.2.4."
    }
  ],
  "id": "CVE-2024-34707",
  "lastModified": "2025-08-26T16:16:00.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-14T15:39:30.633",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5697"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5698"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-32979

Vulnerability from fkie_nvd - Published: 2024-05-01 11:15 - Updated: 2025-08-26 18:54
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that, due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a reflected cross-site scripting (XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. Exploitation requires the victim to open the crafted link (both CVSS vectors record UI:R); no prior privileges are needed for the attacker. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3; the NVD match data below scopes the affected ranges to 1.5.0 ≤ version < 1.6.20 and 2.0.0 ≤ version < 2.2.3. There are no known workarounds for this vulnerability.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A35DF33-E3B2-43F5-B670-3B1C4B5A8712",
              "versionEndExcluding": "1.6.20",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F056B6-EFFE-4521-8F9E-02F7BBC9E6C4",
              "versionEndExcluding": "2.2.3",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.\n"
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red creada como una aplicaci\u00f3n web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. Se descubri\u00f3 que debido al manejo inadecuado y al escape de los par\u00e1metros de consulta proporcionados por el usuario, una URL de Nautobot manipulada con fines malintencionados podr\u00eda usarse para ejecutar un ataque de Cross-Site Scripting Reflejado (Reflected XSS) contra los usuarios. Todas las vistas de lista de objetos filtrables en Nautobot son vulnerables. Este problema se solucion\u00f3 en las versiones 1.6.20 y 2.2.3 de Nautobot. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2024-32979",
  "lastModified": "2025-08-26T18:54:06.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-01T11:15:47.407",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5646"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5647"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-29199

Vulnerability from fkie_nvd - Published: 2024-03-26 03:15 - Updated: 2025-08-26 17:18
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
References
security-advisories@github.com | https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750 | Patch
security-advisories@github.com | https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb | Patch
security-advisories@github.com | https://github.com/nautobot/nautobot/pull/5464 | Patch
security-advisories@github.com | https://github.com/nautobot/nautobot/pull/5465 | Patch
security-advisories@github.com | https://github.com/nautobot/nautobot/releases/tag/v1.6.16 | Release Notes
security-advisories@github.com | https://github.com/nautobot/nautobot/releases/tag/v2.1.9 | Release Notes
security-advisories@github.com | https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/pull/5464 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/pull/5465 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/releases/tag/v1.6.16 | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/releases/tag/v2.1.9 | Release Notes
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4 | Third Party Advisory
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD69F21F-1300-4595-A1E9-B9893B324185",
              "versionEndExcluding": "1.6.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70943FA5-2BC9-416F-AA8F-CB7F7C19671C",
              "versionEndExcluding": "2.1.9",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red. Se descubri\u00f3 que varios endpoints de URL de Nautobot no eran accesibles correctamente para usuarios no autenticados (an\u00f3nimos). Estos endpoints no revelar\u00e1n ning\u00fan dato de Nautobot a un usuario no autenticado a menos que la variable de configuraci\u00f3n de Nautobot EXEMPT_VIEW_PERMISSIONS se cambie de su valor predeterminado (una lista vac\u00eda) para permitir el acceso a datos espec\u00edficos por parte de usuarios no autenticados. Esta vulnerabilidad se solucion\u00f3 en 1.6.16 y 2.1.9."
    }
  ],
  "id": "CVE-2024-29199",
  "lastModified": "2025-08-26T17:18:09.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-26T03:15:13.707",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5464"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5465"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2024-23345

Vulnerability from fkie_nvd - Published: 2024-01-23 00:15 - Updated: 2024-11-21 08:57
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B240ABD-D9C3-4C3F-969A-8D75BC9C0C13",
              "versionEndExcluding": "1.6.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "814D6EE3-ED3C-46D1-A5E9-6FF192CDE8B7",
              "versionEndExcluding": "2.1.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application.  All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red creada como una aplicaci\u00f3n web. Todos los usuarios de versiones de Nautobot anteriores a 1.6.10 o 2.1.2 se ven potencialmente afectados por una vulnerabilidad de cross-site scripting. Debido a una sanitizaci\u00f3n de entrada inadecuada, cualquier campo editable por el usuario que admita la representaci\u00f3n de Markdown, incluido el mismo, es potencialmente susceptible a ataques de cross-site scripting (XSS) a trav\u00e9s de datos creados con fines malintencionados. Este problema se solucion\u00f3 en las versiones 1.6.10 y 2.1.2 de Nautobot."
    }
  ],
  "id": "CVE-2024-23345",
  "lastModified": "2024-11-21T08:57:33.283",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-23T00:15:26.690",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5133"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5134"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/5134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-51649

Vulnerability from fkie_nvd - Published: 2023-12-22 17:15 - Updated: 2024-11-21 08:38
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permission to run even a single Job can actually run all configured JobButton Jobs. A fix will be available in Nautobot 1.6.8 and 2.1.0.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "882A82E9-9E77-42C7-9BF0-B9043343580F",
              "versionEndExcluding": "1.6.8",
              "versionStartIncluding": "1.5.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAFB640A-21BF-41F2-B824-50336FF393B0",
              "versionEndExcluding": "2.1.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 "
    },
    {
      "lang": "es",
      "value": "Nautobot es una Network Automation Platform y Network Source of Truth creada como una aplicaci\u00f3n web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. Al enviar un Job para ejecutar a trav\u00e9s de un bot\u00f3n de Job, solo se verifica el permiso `extras.run_job` a nivel de modelo (es decir, si el usuario tiene permiso para ejecutar Jobs en general). Los permisos a nivel de objeto (es decir, \u00bftiene el usuario permiso para ejecutar este trabajo espec\u00edfico?) no se aplican mediante la URL/vista utilizada en este caso. Un usuario con permisos para ejecutar incluso un solo Job puede ejecutar todos los Jobs de JobButton configurados. La soluci\u00f3n estar\u00e1 disponible en Nautobot 1.6.8 y 2.1.0"
    }
  ],
  "id": "CVE-2023-51649",
  "lastModified": "2024-11-21T08:38:32.163",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-22T17:15:10.197",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/nautobot/nautobot/issues/4988"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4993"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4995"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/nautobot/nautobot/issues/4988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2023-50263

Vulnerability from fkie_nvd - Published: 2023-12-12 23:15 - Updated: 2024-11-21 08:36
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAD089B-3887-4A3D-9CA2-E41E228AE00D",
              "versionEndExcluding": "1.6.7",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA18E157-199E-4267-9090-0C8390B1DB98",
              "versionEndExcluding": "2.0.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot\u0027s `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes y fuente de verdad de red creada como una aplicaci\u00f3n web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. En Nautobot 1.x y 2.0.x anteriores a 1.6.7 y 2.0.6, se utilizan las URL `/files/get/?name=...` y `/files/download/?name=...` para proporcionar acceso de administrador a los archivos que se han cargado como parte de una solicitud de ejecuci\u00f3n para un trabajo que tiene entradas FileVar. En condiciones normales de funcionamiento, estos archivos son ef\u00edmeros y se eliminan una vez que se ejecuta el trabajo en cuesti\u00f3n. En la implementaci\u00f3n predeterminada utilizada en Nautobot, proporcionada por `django-db-file-storage`, estas URL no requieren de forma predeterminada ninguna autenticaci\u00f3n de usuario para acceder; en su lugar, deber\u00edan restringirse \u00fanicamente a los usuarios que tengan permisos para ver las instancias del modelo `FileProxy` de Nautobot. Tenga en cuenta que no se proporciona ning\u00fan mecanismo de URL para enumerar o recorrer los valores de \"nombre\" de archivos disponibles, por lo que en la pr\u00e1ctica un usuario no autenticado tendr\u00eda que adivinar nombres para descubrir archivos arbitrarios para descargar, pero si un usuario conoce el nombre del archivo/valor de ruta, pueden acceder a \u00e9l sin autenticarse, por lo que consideramos esto una vulnerabilidad. Las correcciones se incluyen en Nautobot 1.6.7 y Nautobot 2.0.6. No hay workarounds disponibles aparte de aplicar los parches incluidos en esas versiones."
    }
  ],
  "id": "CVE-2023-50263",
  "lastModified": "2024-11-21T08:36:46.563",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-12T23:15:07.270",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4959"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4964"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-48705

Vulnerability from fkie_nvd - Published: 2023-11-22 16:15 - Updated: 2024-11-21 08:32
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content — including custom links, job buttons, and computed fields — it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.
References
security-advisories@github.com  https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html  Technical Description
security-advisories@github.com  https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe  Technical Description
security-advisories@github.com  https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2  Patch
security-advisories@github.com  https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d  Patch
security-advisories@github.com  https://github.com/nautobot/nautobot/pull/4832  Issue Tracking, Patch
security-advisories@github.com  https://github.com/nautobot/nautobot/pull/4833  Issue Tracking, Patch
security-advisories@github.com  https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr  Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108  https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html  Technical Description
af854a3a-2127-422b-91ae-364da2661108  https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe  Technical Description
af854a3a-2127-422b-91ae-364da2661108  https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2  Patch
af854a3a-2127-422b-91ae-364da2661108  https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d  Patch
af854a3a-2127-422b-91ae-364da2661108  https://github.com/nautobot/nautobot/pull/4832  Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108  https://github.com/nautobot/nautobot/pull/4833  Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108  https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr  Vendor Advisory
Impacted products
Vendor Product Version
networktocode nautobot *
networktocode nautobot *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB340A94-5C6A-45D2-B2DA-641084D4B9E0",
              "versionEndExcluding": "1.6.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEA9BE2A-BB72-4EFE-A376-B91223E0F6F0",
              "versionEndExcluding": "2.0.5",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django\u0027s `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available."
    },
    {
      "lang": "es",
      "value": "Nautobot es una plataforma de automatizaci\u00f3n de red y fuente de verdad de red creada como una aplicaci\u00f3n web. Todos los usuarios de versiones de Nautobot anteriores a 1.6.6 o 2.0.5 se ven potencialmente afectados por una vulnerabilidad de cross-site scripting. Debido al uso incorrecto de la API `mark_safe()` de Django al representar ciertos tipos de contenido escrito por el usuario; incluidos enlaces personalizados, botones de trabajo y campos calculados; Es posible que los usuarios con permiso para crear o editar este tipo de contenido puedan crear un payload malicioso (como c\u00f3digo JavaScript) que se ejecutar\u00eda al representar p\u00e1ginas que contengan este contenido. Los mantenedores han solucionado los usos incorrectos de `mark_safe()` (generalmente reemplaz\u00e1ndolos con el uso apropiado de `format_html()`) para evitar que se ejecuten dichos datos maliciosos. Los usuarios de Nautobot 1.6.x LTM deben actualizar a v1.6.6 y los usuarios de Nautobot 2.0.x deben actualizar a v2.0.5. Se pueden y se deben aplicar permisos de objetos apropiados para restringir qu\u00e9 usuarios pueden crear o editar los tipos de contenido escritos por el usuario antes mencionados. Aparte de eso, no existe ning\u00fan workaround directo disponible."
    }
  ],
  "id": "CVE-2023-48705",
  "lastModified": "2024-11-21T08:32:17.830",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-22T16:15:09.627",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Technical Description"
      ],
      "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4832"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4833"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description"
      ],
      "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/nautobot/nautobot/pull/4833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-49143 (GCVE-0-2025-49143)

Vulnerability from cvelistv5 – Published: 2025-06-10 15:43 – Updated: 2025-06-10 18:12
Title
Nautobot may allow uploaded media files to be accessible without authentication
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.32
Affected: >= 2.0.0, < 2.4.10

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T15:58:15.965698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T18:12:01.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.4.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot\u0027s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T15:43:59.225Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/6672",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/6672"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/6703",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/6703"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95"
        }
      ],
      "source": {
        "advisory": "GHSA-rh67-4c8j-hjjh",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot may allows uploaded media files to be accessible without authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49143",
    "datePublished": "2025-06-10T15:43:59.225Z",
    "dateReserved": "2025-06-02T10:39:41.634Z",
    "dateUpdated": "2025-06-10T18:12:01.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49142 (GCVE-0-2025-49142)

Vulnerability from cvelistv5 – Published: 2025-06-10 15:40 – Updated: 2025-06-10 17:10
Title
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users.
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.32
Affected: >= 2.0.0, < 2.4.10

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T17:10:17.082932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T17:10:21.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.4.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T15:40:21.105Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/7417",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/7417"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/7429",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/7429"
        },
        {
          "name": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description"
        },
        {
          "name": "https://jinja.palletsprojects.com/en/stable/sandbox",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jinja.palletsprojects.com/en/stable/sandbox"
        }
      ],
      "source": {
        "advisory": "GHSA-wjw6-95h5-4jpx",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49142",
    "datePublished": "2025-06-10T15:40:21.105Z",
    "dateReserved": "2025-06-02T10:39:41.634Z",
    "dateUpdated": "2025-06-10T17:10:21.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36112 (GCVE-0-2024-36112)

Vulnerability from cvelistv5 – Published: 2024-05-28 22:26 – Updated: 2024-08-02 03:30
Title
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permission to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions — for example, a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing the `extras.view_dynamicgroup` permission from users; however, a full fix requires upgrading.
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
  • CWE-755 - Improper Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.3.0, < 1.6.23
Affected: >= 2.0.0, < 2.2.5

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T12:59:52.272021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T20:49:26.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:13.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5757",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5757"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5762",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.6.23"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/\u003cuuid\u003e/`) and/or the members REST API view (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\u0027s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T22:26:12.487Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5757",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5757"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5762",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5762"
        }
      ],
      "source": {
        "advisory": "GHSA-qmjf-wc2h-6x3q",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot dynamic-group-members doesn\u0027t enforce permission restrictions on member objects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-36112",
    "datePublished": "2024-05-28T22:26:12.487Z",
    "dateReserved": "2024-05-20T21:07:48.187Z",
    "dateUpdated": "2024-08-02T03:30:13.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34707 (GCVE-0-2024-34707)

Vulnerability from cvelistv5 – Published: 2024-05-13 19:22 – Updated: 2024-08-02 02:59
Title
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.22
Affected: >= 2.0.0, < 2.2.4

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T15:20:33.233925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:11.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5697",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5697"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5698",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5698"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.22"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T19:22:41.202Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5697",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5697"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5698",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5698"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
        }
      ],
      "source": {
        "advisory": "GHSA-r2hr-4v48-fjv3",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot\u0027s BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34707",
    "datePublished": "2024-05-13T19:22:41.202Z",
    "dateReserved": "2024-05-07T13:53:00.133Z",
    "dateUpdated": "2024-08-02T02:59:22.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32979 (GCVE-0-2024-32979)

Vulnerability from cvelistv5 – Published: 2024-05-01 10:49 – Updated: 2024-08-02 02:27
Title
Reflected Cross-site Scripting potential in all object list views in Nautobot
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.20
Affected: >= 2.0.0, < 2.2.3

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nautobot",
            "vendor": "networktocode",
            "versions": [
              {
                "lessThan": "1.6.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nautobot",
            "vendor": "networktocode",
            "versions": [
              {
                "lessThanOrEqual": "2.2.3",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T16:56:47.104819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T18:15:30.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:27:53.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5646",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5646"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5647",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5647"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T10:49:56.643Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5646",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5646"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5647",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5647"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
        }
      ],
      "source": {
        "advisory": "GHSA-jxgr-gcj5-cqqg",
        "discovery": "UNKNOWN"
      },
      "title": "Reflected Cross-site Scripting potential in all object list views in Nautobot"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32979",
    "datePublished": "2024-05-01T10:49:56.643Z",
    "dateReserved": "2024-04-22T15:14:59.166Z",
    "dateUpdated": "2024-08-02T02:27:53.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29199 (GCVE-0-2024-29199)

Vulnerability from cvelistv5 – Published: 2024-03-26 03:08 – Updated: 2024-08-02 16:13
Title
Unauthenticated views may expose information to anonymous users
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.16
Affected: >= 2.0.0, < 2.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:54.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5464",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5464"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5465",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5465"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
          },
          {
            "name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
          },
          {
            "name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T16:13:02.596894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:13:27.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T03:08:21.873Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5464",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5464"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5465",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5465"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
        },
        {
          "name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
        },
        {
          "name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
        }
      ],
      "source": {
        "advisory": "GHSA-m732-wvh2-7cq4",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated views may expose information to anonymous users"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29199",
    "datePublished": "2024-03-26T03:08:21.873Z",
    "dateReserved": "2024-03-18T17:07:00.095Z",
    "dateUpdated": "2024-08-02T16:13:27.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23345 (GCVE-0-2024-23345)

Vulnerability from cvelistv5 – Published: 2024-01-22 23:14 – Updated: 2025-05-30 14:21
Title
Nautobot has XSS potential in rendered Markdown fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 2.0.0, < 2.1.2
Affected: < 1.6.10

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5133",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5133"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5134",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5134"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:09:16.603356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T14:21:39.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003c 1.6.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application.  All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-22T23:14:52.596Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5133",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5133"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5134",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5134"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
        }
      ],
      "source": {
        "advisory": "GHSA-v4xv-795h-rv4h",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot has XSS potential in rendered Markdown fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23345",
    "datePublished": "2024-01-22T23:14:52.596Z",
    "dateReserved": "2024-01-15T15:19:19.445Z",
    "dateUpdated": "2025-05-30T14:21:39.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51649 (GCVE-0-2023-51649)

Vulnerability from cvelistv5 – Published: 2023-12-22 16:48 – Updated: 2024-08-02 22:40
Title
Nautobot missing object-level permissions enforcement when running Job Buttons
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permission to run even a single Job can therefore run all configured JobButton Jobs. Fixes are available in Nautobot 1.6.8 and 2.1.0.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.5.14, < 1.6.8
Affected: >= 2.0.0, < 2.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:33.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
          },
          {
            "name": "https://github.com/nautobot/nautobot/issues/4988",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/issues/4988"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4993",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4993"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4995",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4995"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.5.14, \u003c 1.6.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:48:19.711Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
        },
        {
          "name": "https://github.com/nautobot/nautobot/issues/4988",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/issues/4988"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4993",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4993"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4995",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4995"
        }
      ],
      "source": {
        "advisory": "GHSA-vf5m-xrhm-v999",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot missing object-level permissions enforcement when running Job Buttons"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-51649",
    "datePublished": "2023-12-22T16:48:19.711Z",
    "dateReserved": "2023-12-20T22:12:04.737Z",
    "dateUpdated": "2024-08-02T22:40:33.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50263 (GCVE-0-2023-50263)

Vulnerability from cvelistv5 – Published: 2023-12-12 22:17 – Updated: 2024-08-02 22:16
Title
Nautobot allows unauthenticated db-file-storage views
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.1.0, < 1.6.7
Affected: >= 2.0.0, < 2.0.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4959",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4959"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4964",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4964"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
          },
          {
            "name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 1.6.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot\u0027s `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T22:17:00.858Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4959",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4959"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4964",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4964"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
        },
        {
          "name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
        }
      ],
      "source": {
        "advisory": "GHSA-75mc-3pjc-727q",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot allows unauthenticated db-file-storage views"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50263",
    "datePublished": "2023-12-12T22:17:00.858Z",
    "dateReserved": "2023-12-05T20:42:59.379Z",
    "dateUpdated": "2024-08-02T22:16:46.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-48705 (GCVE-0-2023-48705)

Vulnerability from cvelistv5 – Published: 2023-11-22 15:15 – Updated: 2024-08-02 21:37
Title
nautobot has XSS potential in custom links, job buttons, and computed fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content, including custom links, job buttons, and computed fields, users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.6
Affected: >= 2.0.0, < 2.0.5

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:37:54.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4832",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4832"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4833",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4833"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
          },
          {
            "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
          },
          {
            "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django\u0027s `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-22T15:15:06.189Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4832",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4832"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4833",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4833"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
        },
        {
          "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
        },
        {
          "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
        }
      ],
      "source": {
        "advisory": "GHSA-cf9f-wmhp-v4pr",
        "discovery": "UNKNOWN"
      },
      "title": "nautobot has XSS potential in custom links, job buttons, and computed fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-48705",
    "datePublished": "2023-11-22T15:15:06.189Z",
    "dateReserved": "2023-11-17T19:43:37.554Z",
    "dateUpdated": "2024-08-02T21:37:54.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49143 (GCVE-0-2025-49143)

Vulnerability from nvd – Published: 2025-06-10 15:43 – Updated: 2025-06-10 18:12
Title
Nautobot may allow uploaded media files to be accessible without authentication
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32, files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.32
Affected: >= 2.0.0, < 2.4.10

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49143",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T15:58:15.965698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T18:12:01.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.4.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot\u0027s MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T15:43:59.225Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-rh67-4c8j-hjjh"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/6672",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/6672"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/6703",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/6703"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95"
        }
      ],
      "source": {
        "advisory": "GHSA-rh67-4c8j-hjjh",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot may allow uploaded media files to be accessible without authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49143",
    "datePublished": "2025-06-10T15:43:59.225Z",
    "dateReserved": "2025-06-02T10:39:41.634Z",
    "dateUpdated": "2025-06-10T18:12:01.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-49142 (GCVE-0-2025-49142)

Vulnerability from nvd – Published: 2025-06-10 15:40 – Updated: 2025-06-10 17:10
Title
Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered, or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions so that only trusted users are able to create or modify Jinja2-templated objects such as computed fields and custom links; a full fix requires upgrading.
CWE
  • CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.32
Affected: >= 2.0.0, < 2.4.10

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49142",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T17:10:17.082932Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T17:10:21.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.32"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.4.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered or that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user. Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability. The vulnerability can be partially mitigated by configuring object permissions appropriately to limit certain actions to only trusted users."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T15:40:21.105Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-wjw6-95h5-4jpx"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/7417",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/7417"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/7429",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/7429"
        },
        {
          "name": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description"
        },
        {
          "name": "https://jinja.palletsprojects.com/en/stable/sandbox",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jinja.palletsprojects.com/en/stable/sandbox"
        }
      ],
      "source": {
        "advisory": "GHSA-wjw6-95h5-4jpx",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49142",
    "datePublished": "2025-06-10T15:40:21.105Z",
    "dateReserved": "2025-06-02T10:39:41.634Z",
    "dateUpdated": "2025-06-10T17:10:21.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36112 (GCVE-0-2024-36112)

Vulnerability from nvd – Published: 2024-05-28 22:26 – Updated: 2024-08-02 03:30
Title
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example, a Dynamic Group of Device objects will list all Devices that it contains, regardless of whether the user holds the `dcim.view_device` permission. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing the `extras.view_dynamicgroup` permission from untrusted users; however, a full fix requires upgrading.
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
  • CWE-755 - Improper Handling of Exceptional Conditions
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.3.0, < 1.6.23
Affected: >= 2.0.0, < 2.2.5

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T12:59:52.272021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T20:49:26.384Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:13.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5757",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5757"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5762",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.3.0, \u003c 1.6.23"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/\u003cuuid\u003e/`) and/or the members REST API view (`/api/extras/dynamic-groups/\u003cuuid\u003e/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\u0027s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T22:26:12.487Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5757",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5757"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5762",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5762"
        }
      ],
      "source": {
        "advisory": "GHSA-qmjf-wc2h-6x3q",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot dynamic-group-members doesn\u0027t enforce permission restrictions on member objects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-36112",
    "datePublished": "2024-05-28T22:26:12.487Z",
    "dateReserved": "2024-05-20T21:07:48.187Z",
    "dateUpdated": "2024-08-02T03:30:13.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34707 (GCVE-0-2024-34707)

Vulnerability from nvd – Published: 2024-05-13 19:22 – Updated: 2024-08-02 02:59
Title
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`), but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). Because the banners are rendered on every page (and, for `BANNER_LOGIN`, on the login page before authentication), injected content would be served to every user who loads those pages. The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.22
Affected: >= 2.0.0, < 2.2.4

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T15:20:33.233925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:11.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5697",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5697"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5698",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5698"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.22"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-13T19:22:41.202Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5697",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5697"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5698",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5698"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423"
        }
      ],
      "source": {
        "advisory": "GHSA-r2hr-4v48-fjv3",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot\u0027s BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34707",
    "datePublished": "2024-05-13T19:22:41.202Z",
    "dateReserved": "2024-05-07T13:53:00.133Z",
    "dateUpdated": "2024-08-02T02:59:22.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-32979 (GCVE-0-2024-32979)

Vulnerability from nvd – Published: 2024-05-01 10:49 – Updated: 2024-08-02 02:27
Title
Reflected Cross-site Scripting potential in all object list views in Nautobot
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability. (Note: the CISA ADP affected-range in the record below lists the 2.x range as `lessThanOrEqual` 2.2.3, which conflicts with the CNA's `< 2.2.3` bound; the vendor advisory and CNA data indicate 2.2.3 is the fixed version.)
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.20
Affected: >= 2.0.0, < 2.2.3

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:networktocode:nautobot:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nautobot",
            "vendor": "networktocode",
            "versions": [
              {
                "lessThan": "1.6.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:networktocode:nautobot:2.0.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "nautobot",
            "vendor": "networktocode",
            "versions": [
              {
                "lessThanOrEqual": "2.2.3",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-02T16:56:47.104819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T18:15:30.948Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:27:53.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5646",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5646"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5647",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5647"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T10:49:56.643Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5646",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5646"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5647",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5647"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e"
        }
      ],
      "source": {
        "advisory": "GHSA-jxgr-gcj5-cqqg",
        "discovery": "UNKNOWN"
      },
      "title": "Reflected Cross-site Scripting potential in all object list views in Nautobot"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-32979",
    "datePublished": "2024-05-01T10:49:56.643Z",
    "dateReserved": "2024-04-22T15:14:59.166Z",
    "dateUpdated": "2024-08-02T02:27:53.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-29199 (GCVE-0-2024-29199)

Vulnerability from nvd – Published: 2024-03-26 03:08 – Updated: 2024-08-02 16:13
Title
Unauthenticated views may expose information to anonymous users
Summary
Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.16
Affected: >= 2.0.0, < 2.1.9

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:10:54.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5464",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5464"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5465",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5465"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
          },
          {
            "name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
          },
          {
            "name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T16:13:02.596894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:13:27.128Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-26T03:08:21.873Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5464",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5464"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5465",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5465"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb"
        },
        {
          "name": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/releases/tag/v1.6.16"
        },
        {
          "name": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/releases/tag/v2.1.9"
        }
      ],
      "source": {
        "advisory": "GHSA-m732-wvh2-7cq4",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated views may expose information to anonymous users"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-29199",
    "datePublished": "2024-03-26T03:08:21.873Z",
    "dateReserved": "2024-03-18T17:07:00.095Z",
    "dateUpdated": "2024-08-02T16:13:27.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23345 (GCVE-0-2024-23345)

Vulnerability from nvd – Published: 2024-01-22 23:14 – Updated: 2025-05-30 14:21
Title
Nautobot has XSS potential in rendered Markdown fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 2.0.0, < 2.1.2
Affected: < 1.6.10

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5133",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5133"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/5134",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/5134"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23345",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T19:09:16.603356Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-30T14:21:39.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.2"
            },
            {
              "status": "affected",
              "version": "\u003c 1.6.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-22T23:14:52.596Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5133",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5133"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/5134",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/5134"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce"
        }
      ],
      "source": {
        "advisory": "GHSA-v4xv-795h-rv4h",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot has XSS potential in rendered Markdown fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23345",
    "datePublished": "2024-01-22T23:14:52.596Z",
    "dateReserved": "2024-01-15T15:19:19.445Z",
    "dateUpdated": "2025-05-30T14:21:39.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51649 (GCVE-0-2023-51649)

Vulnerability from nvd – Published: 2023-12-22 16:48 – Updated: 2024-08-02 22:40
Title
Nautobot missing object-level permissions enforcement when running Job Buttons
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.5.14, < 1.6.8
Affected: >= 2.0.0, < 2.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:33.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
          },
          {
            "name": "https://github.com/nautobot/nautobot/issues/4988",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/issues/4988"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4993",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4993"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4995",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4995"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.5.14, \u003c 1.6.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:48:19.711Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-vf5m-xrhm-v999"
        },
        {
          "name": "https://github.com/nautobot/nautobot/issues/4988",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/issues/4988"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4993",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4993"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4995",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4995"
        }
      ],
      "source": {
        "advisory": "GHSA-vf5m-xrhm-v999",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot missing object-level permissions enforcement when running Job Buttons"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-51649",
    "datePublished": "2023-12-22T16:48:19.711Z",
    "dateReserved": "2023-12-20T22:12:04.737Z",
    "dateUpdated": "2024-08-02T22:40:33.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50263 (GCVE-0-2023-50263)

Vulnerability from nvd – Published: 2023-12-12 22:17 – Updated: 2024-08-02 22:16
Title
Nautobot allows unauthenticated db-file-storage views
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions.
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: >= 1.1.0, < 1.6.7
Affected: >= 2.0.0, < 2.0.6

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4959",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4959"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4964",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4964"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
          },
          {
            "name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 1.6.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. \n\nIn the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot\u0027s `FileProxy` model instances.\n\nNote that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability.\n\nFixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-12T22:17:00.858Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-75mc-3pjc-727q"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4959",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4959"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4964",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4964"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/458280c359a4833a20da294eaf4b8d55edc91cee"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/7c4cf3137f45f1541f09f2f6a7f8850cd3a2eaee"
        },
        {
          "name": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/victor-o-silva/db_file_storage/blob/master/db_file_storage/views.py"
        }
      ],
      "source": {
        "advisory": "GHSA-75mc-3pjc-727q",
        "discovery": "UNKNOWN"
      },
      "title": "Nautobot allows unauthenticated db-file-storage views"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50263",
    "datePublished": "2023-12-12T22:17:00.858Z",
    "dateReserved": "2023-12-05T20:42:59.379Z",
    "dateUpdated": "2024-08-02T22:16:46.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-48705 (GCVE-0-2023-48705)

Vulnerability from nvd – Published: 2023-11-22 15:15 – Updated: 2024-08-02 21:37
Title
nautobot has XSS potential in custom links, job buttons, and computed fields
Summary
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content — including custom links, job buttons, and computed fields — it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
nautobot nautobot Affected: < 1.6.6
Affected: >= 2.0.0, < 2.0.5

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:37:54.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4832",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4832"
          },
          {
            "name": "https://github.com/nautobot/nautobot/pull/4833",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/pull/4833"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
          },
          {
            "name": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
          },
          {
            "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
          },
          {
            "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nautobot",
          "vendor": "nautobot",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django\u0027s `mark_safe()` API when rendering certain types of user-authored content; including custom links, job buttons, and computed fields; it is possible that users with permission to create or edit these types of content could craft a malicious payload (such as JavaScript code) that would be executed when rendering pages containing this content. The maintainers have fixed the incorrect uses of `mark_safe()` (generally by replacing them with appropriate use of `format_html()` instead) to prevent such malicious data from being executed. Users on Nautobot 1.6.x LTM should upgrade to v1.6.6 and users on Nautobot 2.0.x should upgrade to v2.0.5. Appropriate object permissions can and should be applied to restrict which users are permitted to create or edit the aforementioned types of user-authored content. Other than that, there is no direct workaround available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-22T15:15:06.189Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-cf9f-wmhp-v4pr"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4832",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4832"
        },
        {
          "name": "https://github.com/nautobot/nautobot/pull/4833",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/pull/4833"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/362850f5a94689a4c75e3188bf6de826c3b012b2"
        },
        {
          "name": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nautobot/nautobot/commit/54abe23331b6c3d0d82bf1b028c679b1d200920d"
        },
        {
          "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.html.format_html"
        },
        {
          "name": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.djangoproject.com/en/3.2/ref/utils/#django.utils.safestring.mark_safe"
        }
      ],
      "source": {
        "advisory": "GHSA-cf9f-wmhp-v4pr",
        "discovery": "UNKNOWN"
      },
      "title": "nautobot has XSS potential in custom links, job buttons, and computed fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-48705",
    "datePublished": "2023-11-22T15:15:06.189Z",
    "dateReserved": "2023-11-17T19:43:37.554Z",
    "dateUpdated": "2024-08-02T21:37:54.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}