Vulnerability Details CVE-2023-33796
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 9.1
References