


Perceptive Security
SOC/SIEM Consultancy

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could…
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 19:09:38
Source:
nvd.nist.gov
Network Infrastructure, Enterprise Applications
Nautobot, a Network Source of Truth and Network Automation Platform, contains a server-side request forgery (SSRF) vulnerability in versions prior to 2.4.33 and 3.1.2. The vulnerability exists in the Webhook data model and associated feature set, allowing users with sufficient access to perform unauthorized requests to various hosts and IP addresses. This could enable attackers to access internal systems or perform reconnaissance on internal networks. The vulnerability has been patched in versions 2.4.33 and 3.1.2, with fixes available through GitHub commits and security advisories.
Technical details
Mitigation steps:
Affected products:
Nautobot
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44797
https://github.com/nautobot/nautobot/commit/16aa4aa9796ab7a31c4d615ec945e1f16d8c77c4
https://github.com/nautobot/nautobot/commit/7324c8f0d8c7245fbc691e15d729adc2d2707d08
https://github.com/nautobot/nautobot/releases/tag/v2.4.33
https://github.com/nautobot/nautobot/releases/tag/v3.1.2
https://github.com/nautobot/nautobot/security/advisories/GHSA-c35q-vxrp-ph26
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
