Lucene search

[email protected]NVD:CVE-2023-32079

HistoryAug 24, 2023 - 11:15 p.m.

CVE-2023-32079

2023-08-2423:15:08

CWE-915

[email protected]

web.nvd.nist.gov

netmaker

privilege escalation

patching

docker

wireguard

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run docker pull gravitl/netmaker:v0.17.1 and docker-compose up -d. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Affected configurations

Nvd

Node

gravitlnetmakerRange<0.17.1

gravitlnetmakerRange0.18.0–0.18.5

VendorProductVersionCPE
gravitlnetmaker*cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gravitl	netmaker	*	cpe:2.3:a:gravitl:netmaker::::::::

References

github.com/gravitl/netmaker/security/advisories/GHSA-826j-8wp2-4x6q

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.7%

JSON

Related for NVD:CVE-2023-32079

cvelist1 osv3 prion1 veracode1 github1 cve1