3 matches found
nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-46128 via nautobot (=2.0.0)
nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-46128 Source advisory: OSV:PYSEC-2023-220...
CVE-2023-46128 Exposure of hashed user passwords via REST API in Nautobot
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to...
CVE-2023-46128
CVE-2023-46128 affects Nautobot (network automation platform built on Django) prior to version 2.0.3. In Nautobot 2.0.x, certain REST API endpoints, when used with the query parameter ?depth=, can cause authenticated users to retrieve hashed (not plaintext) passwords stored in the database. This ...