CVE-2024-34707 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

🗓️ 13 May 2024 19:41:22Reported by GitHub_MType

CVE-2024-34707 Nautobot BANNER configuration vulnerabilit

Reporter	Title	Published	Views	Family All 8
OSV	CVE-2024-34707	14 May 202415:39	–	osv
OSV	Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages	13 May 202419:59	–	osv
NVD	CVE-2024-34707	14 May 202415:39	–	nvd
RedhatCVE	CVE-2024-34707	5 Feb 202511:27	–	redhatcve
Veracode	Cross-Site Scripting (XSS)	14 May 202406:31	–	veracode
Github Security Blog	Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages	13 May 202419:59	–	github
CVE	CVE-2024-34707	14 May 202415:39	–	cve
Vulnrichment	CVE-2024-34707 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages	13 May 202419:22	–	vulnrichment

[
  {
    "vendor": "nautobot",
    "product": "nautobot",
    "versions": [
      {
        "version": "< 1.6.22",
        "status": "affected"
      },
      {
        "version": ">= 2.0.0, < 2.2.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423
github	www.github.com/nautobot/nautobot/pull/5698
github	www.github.com/nautobot/nautobot/pull/5697
github	www.github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3
github	www.github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2024 19:22Current

7.5High risk

Vulners AI Score7.5

CVSS37.5

EPSS0.00045

CWE-79