#js

### Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. > The passwords are *not* exposed in plaintext. > Nautobot 1.x is *not* affected by this vulnerability. Example: ``` GET /api/users/permissions/?depth=1 HTTP 200 OK API-Version: 2.0 Allow: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS Content-Type: application/json Vary: Accept ``` ```json { "count": 1, "next": null, "previous": null, "results": [ { "id": "28ea85e4-5039-4389-94f1-9a3e1c787149", "object_type": "users.objectpermission", "display": "Run Job", "url": "http://localhost:8080/api/users/permissions/28ea85e4-5039-4389-94f1-9a3e1c787149/", "natural_slug": "run-job_28ea", "object_types": [ "extras.job" ], "name": ...

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6079-01 - Red Hat Integration Camel for Spring Boot 3.20.3 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6077-01 - An updated rhel9/toolbox container image is now available in the Red Hat container registry.

Red Hat Security Advisory 2023-6071-01 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6069-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-6068-01 - An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6059-01 - Red Hat OpenShift Pipelines Client tkn for 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6057-01 - An update for toolbox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.