7 matches found

added 2024/01/23 12:15 a.m. | 187 views

CVE-2024-23345

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support...

CVSS 7.1 | AI score 5.1 | EPSS 0.00412
added 2023/10/25 6:17 p.m. | 73 views

CVE-2023-46128

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to an...

CVSS 6.5 | AI score 6.2 | EPSS 0.00209
added 2023/11/22 4:15 p.m. | 48 views

CVE-2023-48705

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's mark_safe() API when rendering certain typ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00295
added 2023/02/21 9:15 p.m. | 43 views

CVE-2023-25657

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the J...

CVSS 9.8 | AI score 9.1 | EPSS 0.018
added 2023/12/22 5:15 p.m. | 41 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have p...

CVSS 4.3 | AI score 4.1 | EPSS 0.00103
added 2024/05/01 11:15 a.m. | 39 views

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL c...

CVSS 7.5 | AI score 7.2 | EPSS 0.0017
added 2023/12/12 11:15 p.m. | 38 views

CVE-2023-50263

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provide ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00449