8 matches found
CVE-2026-34203
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...
Nautobot: Management of users via REST API does not apply configured password validators
Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...
CVE-2026-34203
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...
CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...
CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...
CVE-2026-34203
Nautobot REST API user creation/editing before versions 2.4.30 and 3.0.10 does not enforce Django AUTH_PASSWORD_VALIDATORS, potentially allowing weak passwords. Affected: Nautobot prior to these patch versions; remediation: upgrade to 2.4.30 or 3.0.10 where password validation is applied."
CVE-2026-34203 Nautobot: Management of users via REST API does not apply configured password validators
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...
PT-2026-29333
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.30 Nautobot versions prior to 3.0.10 Description The application fails to enforce password validation rules defined by Django's AUTH PASSWORD VALIDATORS setting when creating or editing users via the REST API. Th...