Nautobot
cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*
- < 1.6.32
- < 2.4.10
A vulnerability exists in Nautobot versions prior to 2.4.10 and prior to 1.6.32, allowing for the exposure of secret values and unauthorized data modifications. This issue arises from inadequate security configurations in the Jinja2 templating feature, which is utilized in computed fields and custom links. A malicious user could manipulate this feature to access secrets defined in Nautobot or to invoke Python APIs that alter data within Nautobot, all while circumventing the object permissions assigned to the user.
Exploitation of this vulnerability could lead to unauthorized access to sensitive secret values and allow malicious users to modify data within Nautobot, bypassing established permissions.
The vulnerability can be reproduced by creating a Jinja2 template that accesses secret values or calls Python methods to modify Nautobot data. This can be done in an environment where the Jinja2 sandbox is not properly enforced, allowing the template to execute unsafe operations.
Users can upgrade to Nautobot versions 1.6.32 or 2.4.10, both of which include patches for this vulnerability. Additionally, reviewing and adjusting object permissions to restrict certain actions to trusted users can provide a temporary mitigation.
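To act on the upgrade guidance, the following added example (not part of the original advisory and not Nautobot code) classifies installed versions against the two fixed releases named above. The host names and inventory are constructed, and two conservative assumptions are made: each version is compared within its own release line, and a pre-release of a fixed version is treated as still affected.

```python
import re

# Fixed releases named on this page, one per release line.
FIXED = {1: (1, 6, 32), 2: (2, 4, 10)}
_VERSION = re.compile(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
_PRERELEASE = re.compile(r"^[.\-_]?(a|b|rc|dev|alpha|beta)", re.IGNORECASE)

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "nautobot-prod": "2.4.9",
    "nautobot-lab": "2.4.10",
    "nautobot-legacy": "v1.6.31",
    "nautobot-dr": "1.6.32",
    "nautobot-staging": "2.4.10rc1",
}

def status(version_text):
    """Classify a Nautobot version string as 'affected', 'fixed' or 'not-listed'."""
    m = _VERSION.match(version_text)
    if not m:
        raise ValueError(f"unrecognized version string: {version_text!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    suffix = m.group(4).strip()
    if release[0] > 2:
        return "not-listed"  # this page gives no range for later release lines
    # Assumption: anything older than 1.x falls under the "< 1.6.32" range.
    fixed = FIXED[max(release[0], 1)]
    if release < fixed:
        return "affected"
    # Assumption: a pre-release of the fixed version may lack the patch.
    if release == fixed and _PRERELEASE.match(suffix):
        return "affected"
    return "fixed"

def triage(inventory):
    """Return the sorted host names whose version is in an affected range."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host:18} {version:10} {status(version)}")
    print("upgrade first:", triage(SAMPLE_INVENTORY))
```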