CVE-2023-51649
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-51649
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-51649.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-51649
- Aliases
- Published
- 2023-12-22T17:15:10Z
- Modified
- 2024-11-21T14:59:27.289162Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level
extras.run_jobpermission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0 - References
Affected packages
Git / github.com/nautobot/nautobot
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nautobot/nautobot
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0.0
v1.0.0a1
v1.0.0a2
v1.0.0b1
v1.0.0b2
v1.0.0b3
v1.0.0b4
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0b1
v1.1.0b2
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2
v1.2.0
v1.2.0b1
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3
v1.3.0
v1.3.0-beta.1
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-beta.1
v1.4.0-rc.1
v1.4.1
v1.4.10
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.0-beta.1
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.0-rc.1
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7