Skip to main content

Nautobot CVE-2024-29199

MEDIUM
Information Exposure (CWE-200)
2024-03-26 security-advisories@github.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 26, 2024 - 03:15 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on nautobot (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.0.0.

DescriptionNVD

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.

AnalysisAI

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9. Affected products include: Networktocode Nautobot.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-46128 MEDIUM POC
6.5 Oct 25

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL

CVE-2023-25657 CRITICAL
9.8 Feb 21

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2024-34707 MEDIUM POC
4.8 May 14

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 4.8), this vulnerabil

CVE-2025-49142 HIGH
7.1 Jun 10

A remote code execution vulnerability in Nautobot (CVSS 7.1). High severity vulnerability requiring prompt remediation.

CVE-2024-36112 MEDIUM
6.5 May 28

Nautobot is a Network Source of Truth and Network Automation Platform. Rated medium severity (CVSS 6.5), this vulnerabil

CVE-2024-32979 MEDIUM
6.1 May 01

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python

CVE-2025-49143 MEDIUM
5.9 Jun 10

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by

CVE-2024-23345 MEDIUM
5.4 Jan 23

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. Rated medium severity

CVE-2023-48705 MEDIUM
5.4 Nov 22

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot v

CVE-2023-50263 MEDIUM
5.3 Dec 12

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python

CVE-2023-51649 MEDIUM
4.3 Dec 22

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python

Share

CVE-2024-29199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy