
16 matches found

Tenable Nessus
added 5 days ago, 10 views

RHEL 10 : go-fdo-client and go-fdo-server (RHSA-2026:22141)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22141 advisory. This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard fo...

CVSS 10 | AI score 7.3 | EPSS 0.00022
Exploits 1 | References 11

OSV
added 2026/05/29 4:3 p.m., 6 views

RLSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

CVSS 7.5 | AI score 5.8 | EPSS 0.00019
Exploits 0 | References 2

RedHat Linux
added 2026/05/19 4:11 p.m., 9 views

Important: Red Hat Security Advisory: go-fdo-client security update

An update for go-fdo-client is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.5 | AI score 7.2 | EPSS 0.00019
Exploits 0 | References 2

OSV
added 2026/05/19 12:0 a.m., 4 views

ALSA-2026:19139 Important: go-fdo-client security update

go-fdo-client is the device-side implementation of FIDO Device Onboard specification in Go. It provides an FDO client that interacts with FDO manufacturer and owner servers to perform device on-boarding. Security Fixes: crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

CVSS 7.5 | AI score 7.3 | EPSS 0.00019
Exploits 0 | References 4

Tenable Nessus
added 2026/05/19 12:0 a.m., 6 views

RHEL 10 : go-fdo-server (RHSA-2026:19137)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19137 advisory. This package provides a server-side implementation of the FIDO Device Onboard (FDO) specification, written in Go. FDO is an open standard fo...

CVSS 9.8 | AI score 7.3 | EPSS 0.00022
Exploits 0 | References 6

vulnersOsv
added 2026/03/31 11:2 p.m., 3 views

nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)

nautobot PYPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...

CVSS 4.3 | AI score 5.8 | EPSS 0.00011
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-54464

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.5 | EPSS 0.00285
Exploits 0 | References 2

CVE
added 2025/05/08 6:31 p.m., 46 views

CVE-2024-8100

The CVE-2024-8100 issue affects Arista CloudVision Portal (CVP on-prem). A time-bound device onboarding token can grant admin privileges to CloudVision, due to improper privilege management. Affected CVP versions include those in the 2024.x and earlier trains (as detailed by Arista’s advisory), w...

CVSS 8.7 | AI score 8.8 | EPSS 0.00285
Exploits 0 | References 1

vulnersOsv
added 2023/12/12 11:15 p.m., 1 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +26 more potentially affected by CVE-2023-50263 via nautobot (>=1.2.11 <=1.6.32)

nautobot PYPI version =1.2.11, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-50263 Source advisory: OSV:PYSEC-2023-286...

CVSS 5.3 | AI score 6 | EPSS 0.00449
Exploits 0

Github Security Blog
added 2023/11/21 11:50 p.m., 20 views

Clear Text Credentials Exposed via Onboarding Task

Impact: When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...

CVSS 6.5 | AI score 5.8 | EPSS 0.00194
Exploits 0 | References 4 | Affected Software 1

NVD
added 2023/11/21 11:15 p.m., 11 views

CVE-2023-48700

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 6.5 | EPSS 0.00194
Exploits 0 | References 1

Prion
added 2023/11/21 11:15 p.m., 16 views

Code injection

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 4 | AI score 7.3 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

OSV
added 2023/11/21 11:15 p.m., 4 views

PYSEC-2023-288

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 6.5 | AI score 6.5 | EPSS 0.00194
Exploits 0 | References 1

OSV
added 2023/11/21 10:30 p.m., 24 views

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 5.7 | AI score 6.6 | EPSS 0.00194
Exploits 0 | References 3

CVE
added 2023/11/21 10:30 p.m., 61 views

CVE-2023-48700

The CVE-2023-48700 issue affects the Nautobot Device Onboarding plugin. In versions from 2.0.0 up to, but not including, 3.0.0, credentials supplied to onboarding tasks are exposed in Job Results, allowing clear-text credentials to be retrieved from database entries. Version 3.0.0 fixes the vulnerability. Miti...

CVSS 6.5 | AI score 6 | EPSS 0.00194
Exploits 0 | References 1 | Affected Software 1

CNNVD
added 2023/11/21 12:0 a.m., 0 views

Nautobot Security Vulnerability

Nautobot is a web automation platform for Nautobot individual developers. A security vulnerability exists in Nautobot Plugin Device Onboarding versions 2.0.0 through 3.0.0, which stems from the disclosure of plaintext credentials when an OnboardingTask is created...

CVSS 6.5 | AI score 6.7 | EPSS 0.00194
Exploits 0 | References 2