Lucene search
K

270 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/02 10:47 a.m.39 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of service,...

9.8CVSS8.2AI score0.32257EPSS
Exploits4Affected Software1
CVE
CVE
added 2024/03/26 3:8 a.m.57 views

CVE-2024-29199

CVE-2024-29199 affects Nautobot, where multiple URL endpoints were accessible to unauthenticated users due to default EXEMPT_VIEW_PERMISSIONS behavior. The root cause is improper access control exposing data unless permissions are explicitly granted. The vulnerability is mitigated by fixes in Nau...

5.3CVSS4AI score0.00628EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2024/01/23 12:15 a.m.22 views

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...

4.9CVSS5.9AI score0.00433EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2024/01/22 11:14 p.m.203 views

CVE-2024-23345

Nautobot (Network Source of Truth and Network Automation Platform) versions prior to 1.6.10 and 2.1.2 are vulnerable to cross-site scripting (XSS) in any user-editable field that supports Markdown rendering due to inadequate input sanitization. The issue affects Markdown-enabled fields across the...

7.1CVSS5.1AI score0.00433EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/12/22 5:15 p.m.28 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4.3CVSS0.00448EPSS
Exploits0References4
Prion
Prion
added 2023/12/22 5:15 p.m.15 views

Code injection

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4CVSS6.9AI score0.00448EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/12/22 4:48 p.m.56 views

CVE-2023-51649

CVE-2023-51649 affects Nautobot, a Django-based network automation platform. The issue: when submitting a Job via a Job Button, only the model-level extras.run_job permission is enforced; object-level permissions (permission to run a specific Job) are not checked by the relevant URL/view. Result:...

4.3CVSS4.1AI score0.00448EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/15 2:31 p.m.83 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.4 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-4527 DESCRIPTION: glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the getaddrinfo function. By...

10CVSS10AI score0.81422EPSS
Exploits39Affected Software1
NVD
NVD
added 2023/12/12 11:15 p.m.25 views

CVE-2023-50263

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...

5.3CVSS0.00748EPSS
Exploits0References6
Prion
Prion
added 2023/11/22 4:15 p.m.15 views

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

4.9CVSS6.2AI score0.00543EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2023/11/22 3:15 p.m.71 views

CVE-2023-48705

Nautobot CVE-2023-48705 affects all Nautobot versions before 1.6.6 and before 2.0.5. Root cause: incorrect usage of Django’s mark_safe() when rendering certain user-authored content (e.g., custom links, job buttons, computed fields). Impact: attackers with permission to create or edit such conten...

7.1CVSS5.8AI score0.00543EPSS
Exploits0References7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 10:38 a.m.80 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

9.8CVSS10AI score0.76768EPSS
Exploits15Affected Software1
NVD
NVD
added 2023/10/25 6:17 p.m.44 views

CVE-2023-46128

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.3AI score0.00529EPSS
Exploits1References3
OSV
OSV
added 2023/10/25 6:17 p.m.47 views

PYSEC-2023-220

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.6AI score0.00529EPSS
Exploits1References3
Prion
Prion
added 2023/10/25 6:17 p.m.23 views

Code injection

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

4CVSS6.2AI score0.00529EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/24 2:17 p.m.13 views

CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.3AI score0.00529EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/10/24 2:17 p.m.44 views

CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.5AI score0.00529EPSS
Exploits1References3
CVE
CVE
added 2023/10/24 2:17 p.m.106 views

CVE-2023-46128

CVE-2023-46128 affects Nautobot (network automation platform built on Django) prior to version 2.0.3. In Nautobot 2.0.x, certain REST API endpoints, when used with the query parameter ?depth=, can cause authenticated users to retrieve hashed (not plaintext) passwords stored in the database. This ...

6.5CVSS6.2AI score0.00529EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/10/24 2:17 p.m.38 views

CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...

6.5CVSS6.3AI score0.00529EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 4:11 p.m.37 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.2 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.2 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-20859 DESCRIPTION: VMware Tanzu Spring Vault could allow a local authenticated attacker to obtain sensitive information, caused by the inserti...

9.8CVSS9.8AI score0.03465EPSS
Exploits3Affected Software1
Rows per page
Query Builder