Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nautobot: Management of users via REST API does not apply configured password validators
Vulnerability Description
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTH_PASSWORD_VALIDATORS setting (which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's nautobot_config.py to apply various rules if desired). This can potentially allow for the creation or modification of users to have passwords that are weak or otherwise do not comply with configured standards. This issue has been patched in versions 2.4.30 and 3.0.10.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
弱口令要求
Vulnerability Title
Nautobot 安全漏洞
Vulnerability Description
Nautobot是Nautobot个人开发者的一个网络自动化平台。 Nautobot 2.4.30之前版本和3.0.10之前版本存在安全漏洞,该漏洞源于通过REST API创建和编辑用户时未能应用Django的AUTH_PASSWORD_VALIDATORS设置定义的密码验证规则,可能导致创建或修改的用户密码弱或不符配置标准。
CVSS Information
N/A
Vulnerability Type
N/A