Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nautobot may allows uploaded media files to be accessible without authentication
Vulnerability Description
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. Nautobot v2.4.10 and v1.6.32 address this issue by adding enforcement of Nautobot user authentication to this endpoint.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Nautobot 信息泄露漏洞
Vulnerability Description
Nautobot是Nautobot个人开发者的一个网络自动化平台。 Nautobot v2.4.10和v1.6.32之前版本存在信息泄露漏洞,该漏洞源于未强制执行用户身份验证,可能导致匿名用户检索文件。
CVSS Information
N/A
Vulnerability Type
N/A