Veracode Vulnerability Database: VERACODE:44834
Dec 26, 2023 - 8:18 a.m.

Incorrect Authorization

2023-12-26 08:18:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
nautobot, vulnerability, missing authorization, jobbutton jobs, permissions

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.9%)

Nautobot is vulnerable to Missing Authorization. The vulnerability is due to a lack of proper enforcement of object-level permissions when submitting a job to run. This could allow an attacker with permissions to run only a single job to run all configured JobButton Jobs.
