5 matches found
CVE-2026-44794
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...
EUVD-2026-32955
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...
CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...
Nautobot 安全漏洞
Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the REST API, which failed to enforce user viewing permissions when creating or updating objects using...
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
Impact In the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables, when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...