Vulnerabilities > CVE-2023-33796 - Unspecified vulnerability in Netbox 3.5.1

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

netbox

critical

NVD

Published: 2023-05-24

Updated: 2024-11-21

Summary

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.

Vulnerable Configurations

Part	Description	Count
Application	Netbox Netbox Netbox 3.5.1	1

References

https://github.com/anhdq201/netbox/issues/16
https://github.com/netbox-community/netbox/discussions/12729#discussioncomment-6008669
https://github.com/anhdq201/netbox/issues/16
https://github.com/netbox-community/netbox/discussions/12729#discussioncomment-6008669