Home > Vulnerability Database > CVE-2024-29199

Mend.io Vulnerability Database

CVE-2024-29199

Good to know:

Date: March 25, 2024

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.

Language: Python

Severity Score

3.7

Related Resources (9)

Url: https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb

Url: https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29199

Url: https://github.com/nautobot/nautobot/releases/tag/v2.1.9

Url: https://github.com/nautobot/nautobot/pull/5465

Url: https://github.com/nautobot/nautobot/releases/tag/v1.6.16

Url: https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4

Url: https://github.com/nautobot/nautobot/pull/5464

Url: https://www.mend.io/vulnerability-database/CVE-2024-29199

Severity Score

3.7

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version nautobot - 1.6.16,2.1.9

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29199

Good to know:

Date: March 25, 2024

Language: Python

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?