CVE-2024-29199

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-29199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29199.json
Aliases
Published
2024-03-26T03:15:13Z
Modified
2024-05-14T13:11:04.275604Z
Summary
[none]
Details

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPTVIEWPERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.

References

Affected packages

Git / github.com/nautobot/nautobot

Affected ranges

Type
GIT
Repo
https://github.com/nautobot/nautobot
Events
Introduced
0The exact introduced commit is unknown
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.0a1
v1.0.0a2
v1.0.0b1
v1.0.0b2
v1.0.0b3
v1.0.0b4
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0b1
v1.1.0b2
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.2
v1.2.0
v1.2.0b1
v1.2.1
v1.2.10
v1.2.11
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.2.9
v1.3
v1.3.0
v1.3.0-beta.1
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4.0
v1.4.0-alpha.1
v1.4.0-alpha.2
v1.4.0-beta.1
v1.4.0-rc.1
v1.4.1
v1.4.10
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.0-beta.1
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.15
v1.5.16
v1.5.17
v1.5.18
v1.5.19
v1.5.2
v1.5.20
v1.5.21
v1.5.22
v1.5.23
v1.5.24
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.0-rc.1
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9

v2.*

v2.0.0
v2.0.0-alpha.1
v2.0.0-alpha.2
v2.0.0-beta.1
v2.0.0-beta.2
v2.0.0-rc.1
v2.0.0-rc.2
v2.0.0-rc.3
v2.0.0-rc.4
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8