CVE-2024-23345
CVSS V2 None
CVSS V3 None
Description
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.
Overview
- CVE ID: CVE-2024-23345
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-01-22T23:14:52.596Z
- Last Modified Date: 2024-01-22T23:14:52.596Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h | x_refsource_CONFIRM |
https://github.com/nautobot/nautobot/pull/5133 | x_refsource_MISC |
https://github.com/nautobot/nautobot/pull/5134 | x_refsource_MISC |
https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80 | x_refsource_MISC |
https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-23345 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23345 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 07:24:59 | | | | Added to TrackCVE |