Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Externally-Accessible File or Directory nautobot-ssot is a Nautobot Single Source of Truth Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory by placing the Service Now public instance name e.g. `companyname.service-now.com` in a generic django view with no authentication. Note: This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com. An unauthenticated member would not be able to change the instance name, nor set a Secret. There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page. How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory? Upgrade `nautobot-ssot` to version 3.10.0 or higher.	[,3.10.0)

Insertion of Sensitive Information into Externally-Accessible File or Directory

nautobot-ssot is a Nautobot Single Source of Truth

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory by placing the Service Now public instance name e.g. companyname.service-now.com in a generic django view with no authentication.

Note:

This does not expose the Secret, the Secret Name, or the Secret Value for the Username/Password for Service-Now.com.
An unauthenticated member would not be able to change the instance name, nor set a Secret.
There is not a way to gain access to other pages Nautobot through the unauthenticated Configuration page.

How to fix Insertion of Sensitive Information into Externally-Accessible File or Directory?

Upgrade nautobot-ssot to version 3.10.0 or higher.

[,3.10.0)

Go back to all versions of this package