Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2024/05/29 6:40 p.m.2 views

nautobot-device-resources (=1.0.0), nautobot-ssot (>=2.0.0 <=2.5.0) potentially affected by CVE-2024-36112 via nautobot (>=2.0.0 <=2.2.0)

nautobot PYPI version =2.0.0, =2.0.0, =2.5.0 Source cves: CVE-2024-36112 Source advisory: OSV:GHSA-QMJF-WC2H-6X3Q...

6.5CVSS6.5AI score0.00398EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/29 6:40 p.m.5 views

nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0), nautobot-chatops-meraki (>=1.1.0 <=1.2.0) +2 more potentially affected by CVE-2024-36112 via nautobot (=1.5.16)

nautobot PYPI version =1.5.16 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-chatops-arista-cloudvision =1.0.1, =1.1.0, =1.5.0, =1.6.0 Source cves: CVE-2024-36112 Source advisory: OSV:GHSA-QMJF-WC2H-6X3Q...

6.5CVSS6.5AI score0.00398EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/28 11:15 p.m.4 views

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +1 more potentially affected by CVE-2024-36112 via nautobot (>=2.0.0 <=2.2.9)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 Source cves: CVE-2024-36112 Source advisory: OSV:PYSEC-2024-166...

6.5CVSS6.5AI score0.00398EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/28 10:26 p.m.14 views

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...

6.3CVSS6.7AI score0.00398EPSS
Exploits0References3
CVE
CVE
added 2024/05/28 10:26 p.m.104 views

CVE-2024-36112

CVE-2024-36112 affects Nautobot: in 1.3.0–1.6.22 and 2.0.0–2.2.4, listing members of Dynamic Groups via the UI or API does not enforce member-object permissions, enabling a user with extras.view_dynamicgroup to see all Group members regardless of dcim.view_device. Fixed in Nautobot 1.6.23 and 2.2...

6.5CVSS6.2AI score0.00398EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder