9278 matches found
Hardcoded credentials
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
Default credentials
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...
CVE-2023-32079 Netmaker Privilige Escalation Vulnerability
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...
CVE-2023-32079 Netmaker Privilige Escalation Vulnerability
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...
CVE-2023-32079
Netmaker (Gravitl) is affected by a Mass assignment privilege escalation vulnerability that lets a non-admin become admin. Affected versions are prior to 0.17.1 and 0.18.6. Mitigation: upgrade to 0.17.1 (patched) or 0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 and resta...
CVE-2023-32079 Netmaker Privilige Escalation Vulnerability
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...
CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...
CVE-2023-32078
CVE-2023-32078 : In Gravitl Netmaker (WireGuard-based networks), an insecure direct object reference (IDOR) vulnerability exists in the user update function that lets an attacker change another user’s password by providing a different username. Affected versions: before 0.17.1 and before 0.18.6. ...
CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...
CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
CVE-2023-32077
Netmaker Vulnerability: Hardcoded DNS secret key allows unauthenticated users to interact with DNS API endpoints. Affects Netmaker builds prior to 0.17.1 and 0.18.6. Remediation per sources: upgrade to v0.17.1 (patched) or v0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 a...
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...
PT-2023-23589
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...
PT-2023-23590
Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...
MGASA-2023-0245 Updated docker-containerd packages fix security vulnerability
Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...
Dell Cyber Recovery < 19.11.0.2 Authentication Bypass (DSA-2022-196)
Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote, unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images...
Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.
Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights...