Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-34707
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-14 May, 2024 | 15:39
Updated At-26 Aug, 2025 | 16:16

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:L
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CPE Matches
networktocode
networktocode
>>nautobot>>Versions before 1.6.22(exclusive)
cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*
networktocode
networktocode
>>nautobot>>Versions from 2.0.0(inclusive) to 2.2.4(exclusive)
cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondarysecurity-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51csecurity-advisories@github.com
Patch
https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423security-advisories@github.com
Patch
https://github.com/nautobot/nautobot/pull/5697security-advisories@github.com
Exploit
Patch
https://github.com/nautobot/nautobot/pull/5698security-advisories@github.com
Exploit
Patch
https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3security-advisories@github.com
Patch
Vendor Advisory
https://github.com/nautobot/nautobot/commit/4f0a66bd6307bfe0e0acb899233e0d4ad516f51caf854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/nautobot/nautobot/commit/f640aedc69c848d3d1be57f0300fc40033ff6423af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/nautobot/nautobot/pull/5697af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/nautobot/nautobot/pull/5698af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hr-4v48-fjv3af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Change History
0Changes found
Details not found