Whatisproblem

**Name of the Vulnerable Software and Affected Versions** Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 **Description** The `Webhook` data model and associated feature set can be configured by users with sufficient access to perform requests to unauthorized hosts and IP addresses. This allows for behaviors similar to server-side request forgery (SSRF), where the server is coerced into making unintended requests. **Recommendations** Update to version 2.4.33. Update to version 3.1.2. Review users granted `add` or `change` permissions for the `Webhook` data model and audit existing `Webhook` records for safety and validity. Configure `WEBHOOK ALLOWED SCHEMES` to restrict records to HTTP or HTTPS. Use `WEBHOOK ADDITIONAL BLOCKED NETWORKS` to specify IP networks that should be denied for `Webhook` sending. Use `WEBHOOK ALLOWED HOSTS` to provide an allow-list of specific hosts that should bypass blocked network configurations.

**Name of the Vulnerable Software and Affected Versions** Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 **Description** Nautobot is a Network Source of Truth and Network Automation Platform. The REST API fails to enforce user view permissions when creating or updating objects that use inter-object references via `GenericForeignKey`. This pattern allows an object to reference another object that may belong to one of several different content types or database tables. Consequently, a user with permissions to create or update specific records, such as `ImageAttachment`, but without permissions to view certain `Device` records, could link an attachment to a device if they possess the device's UUID. Other affected models include `ApprovalWorkflow`, `Cable`, `ConfigContext`, `ContactAssociation`, `DataCompliance`, `Device`, `ExportTemplate`, `GraphQLQuery`, `Note`, `ObjectMetadata`, `RelationshipAssociation`, `StaticGroupAssociation`, and `VirtualMachine`. Additionally, Nautobot Apps providing models with a REST API using `GenericForeignKey` may be affected. **Recommendations** Update to version 2.4.33. Update to version 3.1.2.

**Name of the Vulnerable Software and Affected Versions** Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 **Description** UI object-bulk-rename endpoints, such as "/dcim/interfaces/rename/", are susceptible to an application-wide denial of service. This occurs when maliciously crafted regular expressions are provided in the `find` field while the `use regex` flag is active, causing the system to execute the evaluation for an indefinite duration. **Recommendations** Update to version 2.4.33. Update to version 3.1.2.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.217 **Description** A user with `updateAutoReply` permission can store a Cross-Site Scripting (XSS) payload in the mailbox auto-reply message. This payload is rendered without escaping in the auto-reply emails sent to customers. Since email clients typically do not enforce Content Security Policy (CSP), the payload executes within the context of the customer's webmail or mail client. **Recommendations** Update to version 1.8.217.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.217 **Description** The `sanitizeRemoteUrl()` function in `app/Misc/Helper.php` follows HTTP redirects via `curlGetLastRedirectedUrl()` but re-validates the original URL instead of the final destination. This allows an attacker to provide a URL that passes the initial host check to redirect the application to internal HTTP services, such as cloud metadata, internal APIs, or RFC1918 ranges, which are typically blocked. **Recommendations** Update to version 1.8.217.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.217 **Description** The '/user-setup/{hash}' endpoint accepts a 60-character random `invite hash` to set a new user's password but does not perform an expiration check, allowing the hash to remain valid indefinitely until used. This can lead to unauthenticated permanent account takeover if the hash is leaked through forwarded emails, HTTP referrers to external CDNs, server-side logs, or abandoned emails in shared inboxes. If the leaked invite was intended for an administrator, the attacker can gain administrative access. **Recommendations** Update to version 1.8.217.

**Name of the Vulnerable Software and Affected Versions** FreeScout versions prior to 1.8.217 **Description** A user with the `PERM EDIT USERS` permission can read and modify the notification subscriptions of any other user, including administrators, by sending a single POST request. This allows a non-admin attacker to silently disable email, browser, or mobile notifications for an administrator, which can suppress security alerts and conversation-assignment notices. **Recommendations** Update to version 1.8.217.

**Name of the Vulnerable Software and Affected Versions** Weblate versions prior to 5.17.1 **Description** When a user changes their password, browser sessions are invalidated using the `cycle session keys()` function, but Django REST Framework (DRF) API tokens with the `wlu *` prefix stored in `authtoken token` are not revoked. **Recommendations** Update to version 5.17.1.