| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nautobot-device-onboarding | pip | >= 2.0.0, < 3.0.0 | 3.0.0 |

The vulnerability stems from credentials being stored in Celery task arguments, which are visible in Job Results. The primary culprits are: 1) the Celery task handler itself (`run_onboarding_task`), which receives the sensitive arguments, and 2) the enqueue method that initiates the task with raw credentials. Prior to v3.0.0, these functions would handle credential arguments directly, without sanitization. The high confidence comes from the advisory's explicit mention of task argument exposure and from typical Celery/Nautobot job result storage patterns.