nautobot@2.1.5 vulnerabilities

Source of truth and network automation platform.

latest version

2.2.4
latest non vulnerable version

2.2.4
first published

3 years ago
latest version published

5 hours ago
licenses detected
- Apache-2.0
  [0,)
View nautobot package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the nautobot package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling and escaping of user-provided query parameters. All filterable object-list views are vulnerable. How to fix Cross-site Scripting (XSS)? Upgrade `nautobot` to version 1.6.20, 2.2.3 or higher.	[1.5.0,1.6.20) [2.0.0,2.2.3)
L Information Exposure nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Information Exposure due to improper access control on several URL endpoints. An attacker can access sensitive information without authentication by exploiting endpoints that are improperly accessible to unauthenticated users. This includes endpoints that may disclose information about the system's authentication backend classes, supported secrets providers, and potentially sensitive logs associated with specific JobResults. Note: This is only exploitable if the Nautobot configuration variable `EXEMPT_VIEW_PERMISSIONS` is altered from its default value to permit access to specific data by unauthenticated users. How to fix Information Exposure? Upgrade `nautobot` to version 1.6.16, 2.1.9 or higher.	[,1.6.16) [2.0.0,2.1.9)

Cross-site Scripting (XSS)

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling and escaping of user-provided query parameters. All filterable object-list views are vulnerable.

How to fix Cross-site Scripting (XSS)?

Upgrade nautobot to version 1.6.20, 2.2.3 or higher.

[1.5.0,1.6.20) [2.0.0,2.2.3)

Information Exposure

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Information Exposure due to improper access control on several URL endpoints. An attacker can access sensitive information without authentication by exploiting endpoints that are improperly accessible to unauthenticated users. This includes endpoints that may disclose information about the system's authentication backend classes, supported secrets providers, and potentially sensitive logs associated with specific JobResults.

Note:

This is only exploitable if the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is altered from its default value to permit access to specific data by unauthenticated users.

How to fix Information Exposure?

Upgrade nautobot to version 1.6.16, 2.1.9 or higher.

[,1.6.16) [2.0.0,2.1.9)

Go back to all versions of this package

nautobot@2.1.5 vulnerabilities

Source of truth and network automation platform.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities