Lucene search
PRIOn knowledge basePRION:CVE-2023-32077HistoryAug 24, 2023 - 10:15 p.m.
Hardcoded credentials
2023-08-2422:15:00
PRIOn knowledge base
www.prio-n.com
8
netmaker
wireguard
hardcoded credentials
dns key
unauth users
api endpoints
patched version
upgrade
docker image
0.089 Low
EPSS
Percentile
94.6%
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull gravitl/netmaker:v0.17.1 and docker-compose up -d. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.
Related
osv
osv
CVE-2023-32077
2023-08-24 22:15:08
Netmaker has Hardcoded DNS Secret Key
2023-08-25 18:38:18
cvelist
cvelist
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
2023-08-24 21:23:14
nvd
nvd
CVE-2023-32077
2023-08-24 22:15:08
cve
cve
CVE-2023-32077
2023-08-24 22:15:08
nuclei
nuclei
Netmaker - Hardcoded DNS Secret Key
2024-04-29 12:54:31
veracode
veracode
Hardcoded DNS Key
2023-08-29 09:30:06
github
github
Netmaker has Hardcoded DNS Secret Key
2023-08-25 18:38:18