5 matches found
nautobot-device-resources (=1.0.0) potentially affected by CVE-2023-51649 via nautobot (=2.0.0)
nautobot PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-device-resources =1.0.0 Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)
nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...
CVE-2023-51649
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...
nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)
nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:PYSEC-2023-287...
CVE-2023-51649
CVE-2023-51649 affects Nautobot, a Django-based network automation platform. The issue: when submitting a Job via a Job Button, only the model-level extras.run_job permission is enforced; object-level permissions (permission to run a specific Job) are not checked by the relevant URL/view. Result:...