nautobot@2.0.2 vulnerabilities
Source of truth and network automation platform.
- latest version: 2.2.4
- latest non vulnerable version:
- first published: 3 years ago
- latest version published: 4 hours ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the nautobot package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling and escaping of user-provided query parameters. All filterable object-list views are vulnerable. How to fix: upgrade. | [1.5.0,1.6.20), [2.0.0,2.2.3) |
Affected versions of this package are vulnerable to Information Exposure due to improper access control on several URL endpoints. An attacker can access sensitive information without authentication by exploiting endpoints that are improperly accessible to unauthenticated users. This includes endpoints that may disclose information about the system's authentication backend classes, supported secrets providers, and potentially sensitive logs associated with specific JobResults. Note: This is only exploitable if the Nautobot configuration variable How to fix: upgrade. | [,1.6.16), [2.0.0,2.1.9) |
Affected versions of this package are vulnerable to Improper Input Validation via the How to fix: upgrade. | [2.0.0,2.1.2) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix: upgrade. | [,1.6.10), [2.0.0,2.1.2) |
Affected versions of this package are vulnerable to Information Exposure where a failed git repo sync could expose sensitive token values in logging. When failing to sync to a repository requiring basic authentication, the failure details logs include the access token. How to fix: upgrade. | [2.0.0,2.0.3) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to inadequate input sanitization in user-editable fields that support Markdown rendering. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by submitting specially crafted data. How to fix: upgrade. | [,1.6.10), [2.0.0,2.1.2) |
Affected versions of this package are vulnerable to Insufficient Granularity of Access Control due to improper enforcement of object-level permissions in the How to fix: upgrade. | [1.5.14,1.6.8), [2.0.0,2.1.0) |
Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor via the URLs How to fix: upgrade. | [1.1.0,1.6.7), [2.0.0,2.0.6) |
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to incorrect usage of Django's How to fix: upgrade. | [,1.6.6), [2.0.0,2.0.5) |
Affected versions of this package are vulnerable to Information Exposure via the REST API endpoints. An attacker can expose hashed user passwords stored in the database by using the Note: The information is not exposed during direct access to the Known impacted endpoints: How to fix: upgrade. | [2.0.0,2.0.3) |