Vulnerability	Vulnerable Version
M Information Exposure nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Information Exposure due to the improper enforcement of authentication mechanisms on the `MEDIA_ROOT` directory. An attacker can retrieve files by guessing or knowing the correct URL for a given file. How to fix Information Exposure? Upgrade `nautobot` to version 1.6.32, 2.4.10 or higher.	[,1.6.32)[2.0.0,2.4.10)
M Improper Neutralization of Special Elements Used in a Template Engine nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the misconfiguration of the `Jinja2` templating feature. An attacker can expose secret values and manipulate data by configuring the templating feature to call Python APIs or expose secrets during content rendering. Note: This is only exploitable if object permissions are not properly configured to restrict sensitive actions to trusted users only. How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `nautobot` to version 1.6.32, 2.4.10 or higher.	[,1.6.32)[2.0.0,2.4.10)

Information Exposure

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Information Exposure due to the improper enforcement of authentication mechanisms on the MEDIA_ROOT directory. An attacker can retrieve files by guessing or knowing the correct URL for a given file.

How to fix Information Exposure?

Upgrade nautobot to version 1.6.32, 2.4.10 or higher.

[,1.6.32)[2.0.0,2.4.10)

Improper Neutralization of Special Elements Used in a Template Engine

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the misconfiguration of the Jinja2 templating feature. An attacker can expose secret values and manipulate data by configuring the templating feature to call Python APIs or expose secrets during content rendering.

Note: This is only exploitable if object permissions are not properly configured to restrict sensitive actions to trusted users only.

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade nautobot to version 1.6.32, 2.4.10 or higher.

[,1.6.32)[2.0.0,2.4.10)

Go back to all versions of this package