How severe is CVE-2023-51649?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2023-51649?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-51649 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level `extras.run_job` permission is checked (i.e., does the user have permission to run Jobs in general). Object-level permissions (i.e., does the user have permission to run this specific Job?) are not enforced by the URL/view used in this case. A user with permissions to run even a single Job can actually run all configured JobButton Jobs. Fix will be available in Nautobot 1.6.8 and 2.1.0

Related Vulnerabilities

CVE-2012-3821

MEDIUM

CVSS:4.3(Medium)

A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.

CWE-8632012

CVE-2013-4228

MEDIUM

CVSS:4.3(Medium)

The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authent...

CWE-8632013

CVE-2013-4411

MEDIUM

CVSS:4.3(Medium)

Review Board: URL processing gives unauthorized users access to review lists

CWE-8632013

CVE-2016-4178

MEDIUM

CVSS:4.3(Medium)

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sen...

CWE-8632016

CVE-2017-17323

MEDIUM

CVSS:4.3(Medium)

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain i...

CWE-8632017

CVE-2017-1766

MEDIUM

CVSS:4.3(Medium)

Due to incorrect authorization in IBM Business Process Manager 8.6 an attacker can claim and work on ad hoc tasks he is not assigned to. IBM X-Force ID: 136151.

CWE-8632017