{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T22:09:24.136","vulnerabilities":[{"cve":{"id":"CVE-2023-46128","sourceIdentifier":"security-advisories@github.com","published":"2023-10-25T18:17:36.607","lastModified":"2026-06-17T06:30:12.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.\n\n"},{"lang":"es","value":"Nautobot es una plataforma de automatización de redes construida como una aplicación web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. En Nautobot 2.0.x, ciertos endpoints de la API REST, en combinación con el parámetro de consulta `? Depth=`, pueden exponer contraseñas de usuario con hash almacenadas en la base de datos a cualquier usuario autenticado con acceso a estos endpoints. Las contraseñas no están expuestas en texto plano. Esta vulnerabilidad ha sido parcheada en la versión 2.0.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"nautobot","product":"nautobot","versions":[{"version":">= 2.0.0, < 2.0.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-11T17:01:56.458681Z","id":"CVE-2023-46128","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.3","matchCriteriaId":"481023F9-E80F-43AC-B069-5E53FA285584"}]}]}],"references":[{"url":"https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/4692","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/pull/4692","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}}]}