2023-05-24 00:00:00
mitre
PUBLISHED
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporters only query was for the schema of the API, which is public; queries for database objects would have been denied.