Description

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.

INFO

Published Date :

2024-05-13T19:22:41.202Z

Last Modified :

2024-08-02T02:59:22.584Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34707 vulnerability.

Vendors Products
Networktocode
  • Nautobot
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34707.

URL Resource
https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51c cve-icon cve-icon cve-icon
https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423 cve-icon cve-icon cve-icon
https://github.com/nautobot/nautobot/pull/5697 cve-icon cve-icon cve-icon
https://github.com/nautobot/nautobot/pull/5698 cve-icon cve-icon cve-icon
https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact