GHSA-QMJF-WC2H-6X3Q Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Impact What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ to list the...

PYSEC-2024-166

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records extras.viewdynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ t...

PT-2024-26899 · Nautobot · Nautobot

Name of the Vulnerable Software and Affected Versions: Nautobot versions 1.3.0 through 1.6.22 Nautobot versions 2.0.0 through 2.2.4 Description: A user with extras.view dynamicgroup permission can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view...

Voice of the Customer: Walmart embraces the cloud with Azure Active Directory

Todays post was written by Sue Bohn, partner director of Program Management and Ben Byford and Gerald Corson, senior directors of Identity and Access Management at Walmart. Greetings! Im Sue Bohn, partner director of Program Management at Microsoft. Im an insatiable, lifelong learner and I lead t...

openSUSE Security Update : sudo (openSUSE-2016-1381)

This update for sudo fixes the following issues : - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 Sudo was updated to the package from...