nautobot@1.6.21 vulnerabilities

Source of truth and network automation platform.

Direct Vulnerabilities

Known vulnerabilities in the nautobot package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authorization

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Improper Authorization through the extras.view_dynamicgroup permission and the Dynamic Group detail UI view or the members REST API view. An attacker can view objects that are members of a given Dynamic Group without the required dcim.view_device permissions.

How to fix Improper Authorization?

Upgrade nautobot to version 1.6.23, 2.2.5 or higher.

[1.3.0,1.6.23) [2.0.0,2.2.5)
  • H
Cross-site Scripting (XSS)

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings. An attacker can manipulate web content and execute scripts in the context of the user's browser by injecting arbitrary HTML content into these settings.

How to fix Cross-site Scripting (XSS)?

Upgrade nautobot to version 1.6.22, 2.2.4 or higher.

[,1.6.22) [2.0.0,2.2.4)