Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2023/12/13 1:35 p.m.3 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +26 more potentially affected by CVE-2023-50263 via nautobot (>=1.2.11 <=1.6.32)

nautobot PYPI version =1.2.11, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-50263 Source advisory: OSV:GHSA-75MC-3PJC-727Q...

5.3CVSS6AI score0.00748EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/12 11:15 p.m.9 views

nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-50263 via nautobot (=2.0.0)

nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-50263 Source advisory: OSV:PYSEC-2023-286...

5.3CVSS6AI score0.00748EPSS
Exploits0
CVE
CVE
added 2023/12/12 10:17 p.m.51 views

CVE-2023-50263

CVE-2023-50263 (Nautobot) describes an information disclosure vulnerability where unauthenticated access to file storage URLs /files/get/?name=… and /files/download/?name=… is possible in Nautobot 1.x and 2.0.x before 1.6.7 and 2.0.6. The issue stems from the default Django-db-file-storage implem...

5.3CVSS5.1AI score0.00748EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/12/12 10:17 p.m.18 views

CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...

3.7CVSS5.6AI score0.00748EPSS
Exploits0References8
Rows per page
Query Builder