all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-25657 (nautobot)

Add to bookmarks
Feb. 21, 2023, 9:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to …

automation change code code execution cve engine environments exploits network platform remote code remote code execution sandbox secret template truth vulnerability webhook

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months, 1 week ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months, 1 week ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months, 1 week ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months, 1 week ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months, 1 week ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months, 1 week ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months, 1 week ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cyber Security Analyst

@ Dane Street | Palm Beach Gardens, Florida, United States
View on infosec-jobs.com

Program Information System Security Manager (ISSM) - onsite Tucson, AZ - TOP SECRET required

@ RTX | AZ855: RMS AP Bldg M05 1151 East Hermans Road Building M05, Tucson, AZ, 85756 USA
View on infosec-jobs.com

Lead - Business System Service (Workday HR Functional Consultant)

@ Freshworks | Bengaluru, India
View on infosec-jobs.com

Cloud Security Engineer

@ ButterflyMX | United States - Remote
View on infosec-jobs.com

Compliance Specialist

@ Airtable | Austin, Texas or San Francisco, California
View on infosec-jobs.com

Cyber SCRM Cloud Assessor Lead

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs