CVE-2024-29199

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29199

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29199.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29199

Aliases

GHSA-m732-wvh2-7cq4

Published

2024-03-26T03:08:21.873Z

Modified

2025-12-05T04:17:53.436837Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Unauthenticated views may expose information to anonymous users

Details

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPTVIEWPERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29199.json"
}

References

Affected packages

Git / github.com/nautobot/nautobot

Affected ranges

Type

GIT

Repo

https://github.com/nautobot/nautobot

Events

Introduced

Fixed

2e47256be431341d125b6004b772187fa8a6957f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.16"
        }
    ]
}

Type

GIT

Repo

https://github.com/nautobot/nautobot

Events

Introduced

3013f25b41a1409adb815afb654fad4988f640ef

Fixed

27ee0c23d79db44300e8c3907432c01e445fec41

Database specific

{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.1.9"
        }
    ]
}

Affected versions

v1.*

v1.0.0

v1.0.0a1

v1.0.0a2

v1.0.0b1

v1.0.0b2

v1.0.0b3

v1.0.0b4

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.0b1

v1.1.0b2

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.2

v1.2.0

v1.2.0b1

v1.2.1

v1.2.10

v1.2.11

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3

v1.3.0

v1.3.0-beta.1

v1.3.1

v1.3.10

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.0-alpha.1

v1.4.0-alpha.2

v1.4.0-beta.1

v1.4.0-rc.1

v1.4.1

v1.4.10

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.0-beta.1

v1.5.1

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.14

v1.5.15

v1.5.16

v1.5.17

v1.5.18

v1.5.19

v1.5.2

v1.5.20

v1.5.21

v1.5.22

v1.5.23

v1.5.24

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.0-rc.1

v1.6.1

v1.6.10

v1.6.11

v1.6.12

v1.6.13

v1.6.14

v1.6.15

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8