Veracode Vulnerability DatabaseVERACODE:46086Improper Access Control
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
10.3%
nautobot is vulnerable to Improper Access Control. The vulnerability is due to inadequate access control mechanisms where several Nautobot URL endpoints will not disclose any Nautobot data unless the configuration variable EXEMPT_VIEW_PERMISSIONS is modified from its default value, allowing unauthorized users to access resources or perform actions that should be restricted to privileged users.
References
github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750
github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb
github.com/nautobot/nautobot/pull/5464
github.com/nautobot/nautobot/pull/5465
github.com/nautobot/nautobot/releases/tag/v1.6.16
github.com/nautobot/nautobot/releases/tag/v2.1.9
github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
10.3%