Lucene search
PRIOn knowledge basePRION:CVE-2023-48700HistoryNov 21, 2023 - 11:15 p.m.
Code injection
2023-11-2123:15:00
PRIOn knowledge base
www.prio-n.com
5
code injection
nautobot device onboarding
netmiko library
napalm library
credentials exposure
version 2.0.0
version 3.0.0
database entries
mitigation recommendations
rotating credentials
The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nautobot-plugin-device-onboarding | ge | 2.0.0 | |
| nautobot-plugin-device-onboarding | lt | 3.0.0 |
Related
cve
cve
CVE-2023-48700
2023-11-21 23:15:08
github
github
Clear Text Credentials Exposed via Onboarding Task
2023-11-21 23:50:02
veracode
veracode
Clear Text Credentials Exposure
2023-11-22 05:52:11
cvelist
cvelist
CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task
2023-11-21 22:30:58
osv
osv
Clear Text Credentials Exposed via Onboarding Task
2023-11-21 23:50:02
CVE-2023-48700
2023-11-21 23:15:08
nvd
nvd
CVE-2023-48700
2023-11-21 23:15:08