Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-z4ux-pgu6-6kc9

Summary Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading.

Aliases

alias	CVE-2024-36112

alias	PYSEC-2024-166

Fixed_packages

url pkg:pypi/nautobot@2.3.0b1

purl pkg:pypi/nautobot@2.3.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.3.0b1

Affected_packages

url pkg:pypi/nautobot@2.0.0

purl pkg:pypi/nautobot@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-qdhy-2gqp-1kgj

vulnerability	VCID-r31w-t9kj-kudc

vulnerability	VCID-vamd-bk63-gkh1

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.0

url pkg:pypi/nautobot@2.0.1

purl pkg:pypi/nautobot@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-r31w-t9kj-kudc

vulnerability	VCID-vamd-bk63-gkh1

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.1

url pkg:pypi/nautobot@2.0.2

purl pkg:pypi/nautobot@2.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-r31w-t9kj-kudc

vulnerability	VCID-vamd-bk63-gkh1

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.2

url pkg:pypi/nautobot@2.0.3

purl pkg:pypi/nautobot@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-r31w-t9kj-kudc

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.3

url pkg:pypi/nautobot@2.0.4

purl pkg:pypi/nautobot@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-r31w-t9kj-kudc

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.4

url pkg:pypi/nautobot@2.0.5

purl pkg:pypi/nautobot@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-qbp5-ry2r-hufh

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.5

url pkg:pypi/nautobot@2.0.6

purl pkg:pypi/nautobot@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.6

url pkg:pypi/nautobot@2.1.0b1

purl pkg:pypi/nautobot@2.1.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-kjkb-625k-kudt

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.0b1

url pkg:pypi/nautobot@2.1.0

purl pkg:pypi/nautobot@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.0

url pkg:pypi/nautobot@2.1.1

purl pkg:pypi/nautobot@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-d3uz-p963-6fay

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.1

url pkg:pypi/nautobot@2.1.2

purl pkg:pypi/nautobot@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.2

url pkg:pypi/nautobot@2.1.3

purl pkg:pypi/nautobot@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.3

url pkg:pypi/nautobot@2.1.4

purl pkg:pypi/nautobot@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.4

url pkg:pypi/nautobot@2.1.5

purl pkg:pypi/nautobot@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.5

url pkg:pypi/nautobot@2.1.6

purl pkg:pypi/nautobot@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.6

url pkg:pypi/nautobot@2.1.7

purl pkg:pypi/nautobot@2.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.7

url pkg:pypi/nautobot@2.1.8

purl pkg:pypi/nautobot@2.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.8

url pkg:pypi/nautobot@2.1.9

purl pkg:pypi/nautobot@2.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.9

url pkg:pypi/nautobot@2.2.0b1

purl pkg:pypi/nautobot@2.2.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.0b1

url pkg:pypi/nautobot@2.2.0

purl pkg:pypi/nautobot@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.0

url pkg:pypi/nautobot@2.2.1

purl pkg:pypi/nautobot@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.1

url pkg:pypi/nautobot@2.2.2

purl pkg:pypi/nautobot@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.2

url pkg:pypi/nautobot@2.2.3

purl pkg:pypi/nautobot@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.3

url pkg:pypi/nautobot@2.2.4

purl pkg:pypi/nautobot@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.4

url pkg:pypi/nautobot@2.2.5

purl pkg:pypi/nautobot@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.5

url pkg:pypi/nautobot@2.2.6

purl pkg:pypi/nautobot@2.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.6

url pkg:pypi/nautobot@2.2.7

purl pkg:pypi/nautobot@2.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.7

url pkg:pypi/nautobot@2.2.8

purl pkg:pypi/nautobot@2.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.8

url pkg:pypi/nautobot@2.2.9

purl pkg:pypi/nautobot@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vr34-ms8k-zybv

vulnerability	VCID-z4ux-pgu6-6kc9

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.9

References

reference_url	https://github.com/nautobot/nautobot/pull/5757
reference_id
reference_type
scores
url	https://github.com/nautobot/nautobot/pull/5757

reference_url	https://github.com/nautobot/nautobot/pull/5762
reference_id
reference_type
scores
url	https://github.com/nautobot/nautobot/pull/5762

reference_url	https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q
reference_id
reference_type
scores
url	https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ux-pgu6-6kc9

Vulnerability Instance