
CVE-2024-23345: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nautobot nautobot

Severity: High
Tags: vulnerability, cve-2024-23345, cwe-79
Published: Mon Jan 22 2024 (01/22/2024, 23:14:52 UTC)
Source: CVE Database V5
Vendor/Project: nautobot
Product: nautobot

Description

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.

AI-Powered Analysis

Last updated: 07/08/2025, 17:12:27 UTC

Technical Analysis

CVE-2024-23345 is a high-severity cross-site scripting (XSS) vulnerability affecting Nautobot, a network source of truth and network automation platform implemented as a web application. The vulnerability arises from improper neutralization of input during web page generation, specifically in user-editable fields that support Markdown rendering. Versions of Nautobot prior to 1.6.10 and between 2.0.0 and 2.1.2 are vulnerable. The root cause is inadequate input sanitization, allowing attackers to inject malicious scripts into Markdown-enabled fields. When these fields are rendered in the web interface, the malicious scripts execute in the context of the victim's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 3.1 base score is 7.1, reflecting a high severity due to the vulnerability's network attack vector, requirement for low privileges, user interaction, and its impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the vulnerability's nature and the widespread use of Nautobot in network management environments make it a significant risk. The issue is resolved in Nautobot versions 1.6.10 and 2.1.2 by improving input sanitization and Markdown rendering processes to prevent script injection.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for enterprises and service providers relying on Nautobot for network automation and source-of-truth functions. Successful exploitation could allow attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to theft of sensitive network configuration data, unauthorized network changes, or lateral movement within the network. This could disrupt critical network operations, degrade service availability, and expose confidential infrastructure details. Given the importance of network automation in maintaining operational efficiency and security, exploitation could also facilitate further attacks such as ransomware or espionage. The vulnerability's requirement for user interaction (e.g., a user viewing a maliciously crafted page) means that phishing or social engineering could be used to trigger the attack. The high integrity impact indicates that attackers could manipulate network data or configurations, which is particularly concerning for European telecommunications, finance, and critical-infrastructure operators.

Mitigation Recommendations

European organizations using Nautobot should immediately upgrade to version 1.6.10 or 2.1.2 or later to remediate this vulnerability. Until upgrades are applied, organizations should enforce strict input validation and sanitization on all user-editable fields that support Markdown rendering, or temporarily disable Markdown rendering where feasible. Employ Content Security Policy (CSP) headers to restrict script execution and reduce the impact of potential XSS payloads. Additionally, enforce least-privilege principles for Nautobot users to limit the scope of potential damage. Regularly audit and monitor Nautobot logs for suspicious activity or unexpected input patterns. Educate users about phishing risks and the dangers of interacting with untrusted links or content within the Nautobot interface. Network segmentation and multi-factor authentication can further reduce the risk of lateral movement and unauthorized access if exploitation occurs.
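As an added example (not Nautobot's code and not the project's actual fix), the following stdlib-only allowlist sanitizer shows the post-rendering sanitization the recommendations above call for: it is run over the HTML a Markdown renderer produced, so inline HTML, event-handler attributes and `javascript:` links never reach the browser. The upstream Markdown renderer is assumed to exist and to pass inline HTML through, and the sample input is constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allowlist of what Markdown legitimately produces; anything else is dropped.
ALLOWED_TAGS = {"p", "br", "strong", "em", "code", "pre", "ul", "ol", "li", "a", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = {"", "http", "https", "mailto"}  # "" keeps relative links such as /dcim/...

class _AllowlistSanitizer(HTMLParser):  # re-emits allowlisted markup; text is always re-escaped
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = 0  # >0 inside <script>/<style>, whose text content is dropped too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skipping += 1
        elif not self.skipping and tag in ALLOWED_TAGS:
            kept = []
            for name, value in attrs:
                if value is None or name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # drops every on* handler and any attribute not allowlisted
                if name == "href" and urlparse(value.strip()).scheme not in SAFE_SCHEMES:
                    continue  # drops javascript:, data:, vbscript: links
                kept.append(f' {name}="{escape(value, quote=True)}"')
            self.out.append(f"<{tag}{''.join(kept)}>")
        # any other tag (e.g. <img onerror=...>) vanishes; its text content is kept, escaped

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

def sanitize_rendered_markdown(html: str) -> str:
    # Apply to the renderer's HTML output, before it is marked safe for the template.
    parser = _AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample: what a renderer that passes inline HTML through would emit for a tainted field.
TAINTED_FIELD_HTML = ('<p>Rack <strong>R1</strong> <a href="javascript:alert(1)">docs</a> '
                      '<img src=x onerror="alert(1)"> <script>alert(1)</script>'
                      '<a href="https://example.invalid/r1" title="wiki">ok</a></p>')
```

Sanitizing the rendered output, rather than validating the Markdown source, is the point: the browser only ever sees allowlisted markup. The CSP header mentioned above stays in place as a second layer for anything an allowlist mistake lets through.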


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2024-01-15T15:19:19.445Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6839c41d182aa0cae2b435ff

Added to database: 5/30/2025, 2:43:41 PM

Last enriched: 7/8/2025, 5:12:27 PM

Last updated: 7/28/2025, 8:53:32 PM
