4 matches found
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +26 more potentially affected by CVE-2023-50263 via nautobot (>=1.2.11 <=1.6.32)
nautobot PYPI version =1.2.11, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-50263 Source advisory: OSV:GHSA-75MC-3PJC-727Q...
nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-50263 via nautobot (=2.0.0)
nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-50263 Source advisory: OSV:PYSEC-2023-286...
CVE-2023-50263
CVE-2023-50263 (Nautobot) describes an information disclosure vulnerability where unauthenticated access to file storage URLs /files/get/?name=… and /files/download/?name=… is possible in Nautobot 1.x and 2.0.x before 1.6.7 and 2.0.6. The issue stems from the default Django-db-file-storage implem...
CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...