CVE-2024-32979

7.5 HIGH

📋 TL;DR

CVE-2024-32979 is a reflected cross-site scripting vulnerability in Nautobot's filterable object-list views. Attackers can craft malicious URLs that execute arbitrary JavaScript in victims' browsers when clicked. All Nautobot users accessing vulnerable versions are affected.

💻 Affected Systems

Products:
  • Nautobot
Versions: All versions before 1.6.20 and 2.2.3
Operating Systems: Any OS running Nautobot
Default Config Vulnerable: ⚠️ Yes
Notes: All filterable object-list views are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect victims to malicious sites, or install malware via browser exploitation.

🟠 Likely Case

Session hijacking leading to unauthorized access, data theft, or privilege escalation within the Nautobot application.

🟢 If Mitigated

With proper input validation and output encoding, XSS attacks are prevented, and the only impact is the attempted-exploitation entries left in the logs.

🌐 Internet-Facing: HIGH - Web applications exposed to the internet are directly accessible to attackers who can craft malicious URLs.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this via phishing or other social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (the victim must open a crafted link) but does not require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.20 or 2.2.3

Vendor Advisory: https://github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg

Restart Required: Yes

Instructions:

1. Back up your Nautobot instance and database.
2. Update Nautobot using pip: 'pip install --upgrade nautobot==1.6.20' or 'pip install --upgrade nautobot==2.2.3'.
3. Restart the Nautobot service.
4. Verify the update was successful.

🔧 Temporary Workarounds

No official workarounds

The vendor advisory states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to limit script execution
  • Use web application firewall (WAF) rules to detect and block XSS payloads in URLs

🔍 How to Verify

Check if Vulnerable:

Check Nautobot version: if running version <1.6.20 (for 1.x) or <2.2.3 (for 2.x), you are vulnerable.

Check Version:

python -c "import nautobot; print(nautobot.__version__)"

Verify Fix Applied:

After patching, verify that the version is 1.6.20 or higher (1.x) or 2.2.3 or higher (2.x). Test the filterable views with safe XSS test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long URLs with script tags or JavaScript in query parameters
  • Multiple failed XSS attempts in web logs

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript in URL parameters
  • Suspicious redirects from Nautobot URLs

SIEM Query:

source="nautobot.logs" AND (url="*<script>*" OR url="*javascript:*" OR url="*onerror=*" OR url="*onload=*")
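The version check in "How to Verify" and the SIEM indicators above, worked as an added Python example (not code from Nautobot or the advisory). It applies the advisory's fixed-version boundaries (1.6.20 for 1.x, 2.2.3 for 2.x) and runs the same four markers from the SIEM query over constructed access-log lines, percent-decoding the URL first because the literal "*<script>*" match misses encoded payloads; the log format, sample lines and function names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Fixed releases from the advisory: 1.x is fixed in 1.6.20, 2.x in 2.2.3.
FIXED = {1: (1, 6, 20), 2: (2, 2, 3)}

def parse_version(version):
    """'1.6.19' -> (1, 6, 19); a pre-release suffix such as '2.2.3b1' is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Nautobot version: {version!r}")
    return tuple(int(p) for p in m.groups())

def is_vulnerable(version):
    """True when the release is older than the fix for its major line."""
    v = parse_version(version)
    fixed = FIXED[1] if v[0] <= 1 else FIXED[2]
    return v < fixed

# Markers from the page's SIEM query. The URL is percent-decoded twice and
# lower-cased first: reflected payloads usually arrive encoded (%3Cscript%3E)
# or mixed-case, which a literal "*<script>*" match would miss.
XSS_MARKERS = ("<script", "javascript:", "onerror=", "onload=")
REQUEST = re.compile(r'"(?:GET|POST) (?P<url>\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (raw_url, markers_found) for each request that carries an XSS marker."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue  # not an access-log request line
        decoded = unquote_plus(unquote_plus(m.group("url"))).lower()
        found = [marker for marker in XSS_MARKERS if marker in decoded]
        if found:
            hits.append((m.group("url"), found))
    return hits

# Constructed sample access-log lines (combined format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2024:10:00:00 +0000] "GET /dcim/devices/?q=core HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/May/2024:10:00:02 +0000] "GET /dcim/devices/?name=%3Cscript%3E1%3C%2Fscript%3E HTTP/1.1" 200 4870',
    '10.0.0.9 - - [01/May/2024:10:00:05 +0000] "GET /ipam/prefixes/?x=%253Cimg+onerror%3D1%253E HTTP/1.1" 200 3011',
]

if __name__ == "__main__":
    print("1.6.19 vulnerable:", is_vulnerable("1.6.19"))  # True
    for url, markers in suspicious_requests(SAMPLE_LOG):
        print("XSS marker(s)", markers, "in", url)
```

The third sample line is double-encoded, which the single-pass SIEM query on this page would not match; feed the decoded URL into the query or add the encoded variants of each marker to it.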
