6 matches found

RedhatCVE
added 2025/05/23 2:9 a.m. · 5 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked (i.e., does the user have...

4.3 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits: 0 · References: 1
Github Security Blog
added 2023/12/22 7:51 p.m. · 30 views

Nautobot missing object-level permissions enforcement when running Job Buttons

Impact: When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked (i.e., does the user have permission to run Jobs in general?). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used ...

4.3 CVSS · 6.9 AI score · 0.00103 EPSS
Exploits: 0 · References: 9 · Affected Software: 1
PyPA
added 2023/12/22 5:15 p.m. · 5 views

PYSEC-2023-287

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked (i.e., does the user have...

4.3 CVSS · 6.8 AI score · 0.00103 EPSS
Exploits: 0 · References: 7 · Affected Software: 1
Cvelist
added 2023/12/22 4:48 p.m. · 13 views

CVE-2023-51649 Nautobot missing object-level permissions enforcement when running Job Buttons

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked (i.e., does the user have...

3.5 CVSS · 4.8 AI score · 0.00103 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/12/22 12:0 a.m. · 3 views

PT-2023-31867 · Nautobot · Nautobot

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 1.6.8; Nautobot versions prior to 2.1.0. Description: Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL...

4.3 CVSS · 4.3 AI score · 0.00103 EPSS
Exploits: 0 · References: 14
CNNVD
added 2023/12/22 12:0 a.m. · 2 views

Nautobot Security Vulnerability

Nautobot is a web automation platform from the individual developers of Nautobot. A security vulnerability exists in Nautobot version 1.5.14 and earlier, which stems from not checking object-level permissions when submitting a job to be run via the Job Button...

4.3 CVSS · 6.7 AI score · 0.00103 EPSS
Exploits: 0 · References: 5