CVE-2023-51649

Summary

CVE-2023-51649 is a vulnerability affecting Nautobot, a Network Source of Truth and Network Automation Platform. This issue lies in the way Nautobot handles job permissions. When submitting a job, only the model-level permission to run jobs in general is checked, disregarding object-level permissions that determine if a user has permission to run specific jobs. Consequently, a user with the ability to run a single job can actually execute all configured job button jobs. The forthcoming releases 1.6.8 and 2.1.0 will contain the necessary fixes to address this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.