CVE-2023-46128
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-46128
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46128.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-46128
- Aliases
- Published
- 2023-10-25T18:17:36Z
- Modified
- 2024-10-12T11:08:16.408419Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the
?depth=<N>query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3. - References
Affected packages
Git / github.com/nautobot/nautobot
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nautobot/nautobot
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.0a1
v1.0.0a2
v1.0.0b1
v1.0.0b2
v1.0.0b3
v1.0.0b4
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0b1
v1.1.0b2
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2
v1.2.0
v1.2.0b1
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3
v1.3.0
v1.3.0-beta.1
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-beta.1
v1.4.0-rc.1
v1.4.1
v1.4.10
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.0-beta.1
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.0-rc.1
v1.6.1
v1.6.2
v2.*
v2.0.0
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-rc.1
v2.0.0-rc.2
v2.0.0-rc.3
v2.0.0-rc.4
v2.0.1
v2.0.2