VYPR
Low severityNVD Advisory· Published Mar 26, 2024· Updated Aug 2, 2024

Unauthenticated views may expose information to anonymous users

CVE-2024-29199

Description

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nautobotPyPI
< 1.6.161.6.16
nautobotPyPI
>= 2.0.0, < 2.1.92.1.9

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.