3 matches found
GHSA-HMQR-WJMJ-376C Netmaker has Insufficient Authorization in Host Token Verification
The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...
CVE-2026-29194 Netmaker: Insufficient Authorization in Host Token Verification
Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect due to improper URL validation in the urlhostallowed? method. Remediation Upgrade actionpack to version 7.0.4 or higher. References - GitHub Commit - GitHub Commit - GitHub PR - PoC Credit: santib...