What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view (/api/extras/dynamic-groups/<uuid>/members/) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot …
A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of BANNER_LOGIN) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing …
It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable, including: /dcim/location-types/ /dcim/locations/ /dcim/racks/ /dcim/rack-groups/ /dcim/rack-reservations/ /dcim/rack-elevations/ /tenancy/tenants/ /tenancy/tenant-groups/ /extras/tags/ /extras/statuses/ /extras/roles/ /extras/dynamic-groups/ /dcim/devices/ /dcim/platforms/ /dcim/virtual-chassis/ /dcim/device-redundancy-groups/ /dcim/interface-redundancy-groups/ /dcim/device-types/ /dcim/manufacturers/ /dcim/cables/ /dcim/console-connections/ /dcim/power-connections/ /dcim/interface-connections/ /dcim/interfaces/ /dcim/front-ports/ /dcim/rear-ports/ /dcim/console-ports/ …
It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable, including: /dcim/location-types/ /dcim/locations/ /dcim/racks/ /dcim/rack-groups/ /dcim/rack-reservations/ /dcim/rack-elevations/ /tenancy/tenants/ /tenancy/tenant-groups/ /extras/tags/ /extras/statuses/ /extras/roles/ /extras/dynamic-groups/ /dcim/devices/ /dcim/platforms/ /dcim/virtual-chassis/ /dcim/device-redundancy-groups/ /dcim/interface-redundancy-groups/ /dcim/device-types/ /dcim/manufacturers/ /dcim/cables/ /dcim/console-connections/ /dcim/power-connections/ /dcim/interface-connections/ /dcim/interfaces/ /dcim/front-ports/ /dcim/rear-ports/ /dcim/console-ports/ …
A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following: /api/graphql/ (1) /api/users/users/session/ (Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes are enabled on this Nautobot instance) /dcim/racks/<uuid:pk>/dynamic-groups/ (1) /dcim/devices/<uuid:pk>/dynamic-groups/ (1) /extras/job-results/<uuid:pk>/log-table/ /extras/secrets/provider/<str:provider_slug>/form/ (the only information exposed to an anonymous user is the fact that a secrets provider with the given slug (e.g. …
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.