Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36797?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36797?format=api", "vulnerability_id": "VCID-z4ux-pgu6-6kc9", "summary": "Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user's `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading.", "aliases": [ { "alias": "CVE-2024-36112" }, { "alias": "PYSEC-2024-166" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/41187?format=api", "purl": "pkg:pypi/nautobot@2.3.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.3.0b1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37684?format=api", "purl": "pkg:pypi/nautobot@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-qdhy-2gqp-1kgj" }, { "vulnerability": "VCID-r31w-t9kj-kudc" }, { "vulnerability": "VCID-vamd-bk63-gkh1" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/37685?format=api", "purl": "pkg:pypi/nautobot@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-r31w-t9kj-kudc" }, { "vulnerability": "VCID-vamd-bk63-gkh1" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/37686?format=api", "purl": "pkg:pypi/nautobot@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-r31w-t9kj-kudc" }, { "vulnerability": "VCID-vamd-bk63-gkh1" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/37687?format=api", "purl": "pkg:pypi/nautobot@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-r31w-t9kj-kudc" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/38133?format=api", "purl": "pkg:pypi/nautobot@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-r31w-t9kj-kudc" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/38134?format=api", "purl": "pkg:pypi/nautobot@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-qbp5-ry2r-hufh" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/38306?format=api", "purl": "pkg:pypi/nautobot@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/38393?format=api", "purl": "pkg:pypi/nautobot@2.1.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-kjkb-625k-kudt" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/38394?format=api", "purl": "pkg:pypi/nautobot@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/39128?format=api", "purl": "pkg:pypi/nautobot@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-d3uz-p963-6fay" }, { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/39129?format=api", "purl": "pkg:pypi/nautobot@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41169?format=api", "purl": "pkg:pypi/nautobot@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/41170?format=api", "purl": "pkg:pypi/nautobot@2.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/41171?format=api", "purl": "pkg:pypi/nautobot@2.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/41172?format=api", "purl": "pkg:pypi/nautobot@2.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/41173?format=api", "purl": "pkg:pypi/nautobot@2.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/41174?format=api", "purl": "pkg:pypi/nautobot@2.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/41175?format=api", "purl": "pkg:pypi/nautobot@2.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/41176?format=api", "purl": "pkg:pypi/nautobot@2.2.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41177?format=api", "purl": "pkg:pypi/nautobot@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/41178?format=api", "purl": "pkg:pypi/nautobot@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/41179?format=api", "purl": "pkg:pypi/nautobot@2.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/41180?format=api", "purl": "pkg:pypi/nautobot@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/41181?format=api", "purl": "pkg:pypi/nautobot@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/41182?format=api", "purl": "pkg:pypi/nautobot@2.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/41183?format=api", "purl": "pkg:pypi/nautobot@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/41184?format=api", "purl": "pkg:pypi/nautobot@2.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/41185?format=api", "purl": "pkg:pypi/nautobot@2.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/41186?format=api", "purl": "pkg:pypi/nautobot@2.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-vr34-ms8k-zybv" }, { "vulnerability": "VCID-z4ux-pgu6-6kc9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/nautobot@2.2.9" } ], "references": [ { "reference_url": "https://github.com/nautobot/nautobot/pull/5757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/nautobot/nautobot/pull/5757" }, { "reference_url": "https://github.com/nautobot/nautobot/pull/5762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/nautobot/nautobot/pull/5762" }, { "reference_url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-qmjf-wc2h-6x3q" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ux-pgu6-6kc9" }