Lucene search
PRIOn knowledge basePRION:CVE-2023-46128HistoryOct 25, 2023 - 6:17 p.m.
Code injection
2023-10-2518:17:00
PRIOn knowledge base
www.prio-n.com
9
code injection
nautobot
network automation
django python
rest api
hashed passwords
database vulnerability
patched
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth=<N> query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.
Related
osv
osv
PYSEC-2023-220
2023-10-25 18:17:00
Nautobot vulnerable to exposure of hashed user passwords via REST API
2023-10-24 19:25:24
CVE-2023-46128
2023-10-25 18:17:36
cvelist
cvelist
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
2023-10-24 14:17:52
nvd
nvd
CVE-2023-46128
2023-10-25 18:17:36
veracode
veracode
Password Disclsosure
2023-10-25 06:08:41
cve
cve
CVE-2023-46128
2023-10-25 18:17:36
github
github
Nautobot vulnerable to exposure of hashed user passwords via REST API
2023-10-24 19:25:24