Glennmatthews

**Name of the Vulnerable Software and Affected Versions** Nautobot versions prior to 2.4.10 Nautobot versions prior to 1.6.32 **Description** The issue concerns Nautobot, a Network Source of Truth and Network Automation Platform. Files uploaded by users to Nautobot's MEDIA ROOT directory can be retrieved by anonymous users who know or can guess the correct URL for a given file, due to a lack of user authentication enforcement on the URL endpoint serving these files. **Recommendations** For versions prior to 2.4.10, update to version 2.4.10 or later to address the issue. For versions prior to 1.6.32, update to version 1.6.32 or later to address the issue.