Lucene search
+L

5 matches found

vulnersosv
vulnersosv
added 2023/12/22 7:51 p.m.95 views

nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-51649 via nautobot (=2.0.0)

nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...

4.3CVSS5.8AI score0.00448EPSS
Exploits0
vulnersosv
vulnersosv
added 2023/12/22 7:51 p.m.6 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)

nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...

4.3CVSS5.8AI score0.00448EPSS
Exploits0
nvd
nvd
added 2023/12/22 5:15 p.m.28 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4.3CVSS0.00448EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2023/12/22 5:15 p.m.5 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)

nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:PYSEC-2023-287...

4.3CVSS5.8AI score0.00448EPSS
Exploits0
cve
cve
added 2023/12/22 4:48 p.m.60 views

CVE-2023-51649

CVE-2023-51649 affects Nautobot, a Django-based network automation platform. The issue: when submitting a Job via a Job Button, only the model-level extras.run_job permission is enforced; object-level permissions (permission to run a specific Job) are not checked by the relevant URL/view. Result:...

4.3CVSS4.1AI score0.00448EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder