PT-2023-24499 · Netbox · Netbox

Kkthxbye-Code · Published 2023-05-24 · Updated 2024-08-02 · CVE-2023-33796

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1

Description: A vulnerability allows unauthenticated attackers to execute queries against the GraphQL database, potentially granting them access to sensitive data stored in the database. The vendor disputes this, stating that the reporter's only query was for the schema of the API, which is public, and that queries for database objects would have been denied.

Recommendations: For Netbox version 3.5.1, consider restricting access to the GraphQL endpoint to prevent potential exploitation; although the vendor disputes the vulnerability, it is still reported to potentially allow access to sensitive data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2023-33796

Affected Products: Netbox