CVE-2023-33796

Опубликовано: 24 мая 2023

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.

Ссылки

https://github.com/anhdq201/netbox/issues/16
Exploit
Issue Tracking
https://github.com/netbox-community/netbox/discussions/12729#discussioncomment-6008669
https://github.com/anhdq201/netbox/issues/16
Exploit
Issue Tracking
https://github.com/netbox-community/netbox/discussions/12729#discussioncomment-6008669

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netbox:netbox:3.5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-33796

CVSS3: 9.1

debian

больше 2 лет назад

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to e ...

GHSA-g22j-4jxh-2vc7

CVSS3: 9.1

github

больше 2 лет назад

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database.

EPSS

Процентиль: 45%

0.00225

Низкий

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo