CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

CVE-2023-32079

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

CVE-2023-32077

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

CVE-2022-36110

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...

GO-2022-0986 Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker

Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker...

GO-2022-0561 Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker

Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker...

GO-2022-0328 Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker

Use of Hard-coded Cryptographic Key in Netmaker in github.com/gravitl/netmaker...

GO-2023-2023 Netmaker IDOR Allows User to Update Other User's Password in github.com/gravitl/netmaker

Netmaker IDOR Allows User to Update Other User's Password in github.com/gravitl/netmaker...

GO-2023-2022 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker

Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker...

GO-2023-2025 Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker

Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User in github.com/gravitl/netmaker...

Privilege Escalation

github.com/gravitl/netmaker is vulnerable to Privilege Escalation. The vulnerability exists due to improper permission validation for non-admin users, which allows an attacker to perform authorized actions on users, such as changing roles...

Hardcoded DNS Key

github.com/gravitl/netmaker uses a Hardcoded DNS Key. The vulnerability exists because the library does not securely set a DNS secret key, which allows an attacker to access DNS related API endpoints...

GHSA-826J-8WP2-4X6Q Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User

Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...

Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User

Impact A Mass assignment vulnerability was found allowing a non-admin user to escalate privileges to admin user. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch...

Netmaker has Hardcoded DNS Secret Key

Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...

GHSA-8X8H-HCQ8-JWWX Netmaker has Hardcoded DNS Secret Key

Impact Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will...

CVE-2023-32079

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

Design/Logic Flaw

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

CVE-2023-32077

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...