Netmaker · CVE-2022-23650
**Name of the Vulnerable Software and Affected Versions**
Netmaker versions prior to 0.8.5
Netmaker versions prior to 0.9.4
Netmaker versions prior to 0.10.0
**Description**
The issue is related to a hard-coded cryptographic key in the code base of Netmaker, a platform for creating and managing virtual overlay networks using WireGuard. This key can be exploited to run admin commands on a remote server if the address and username of the admin are known. The server component of Netmaker is affected, but not the clients.
**Recommendations**
To resolve the issue for versions prior to 0.8.5, upgrade to Netmaker version 0.8.5 or later by performing the following steps:
1. `docker-compose down`
2. `docker pull gravitl/netmaker:(version)`
3. `docker-compose up -d`
To resolve the issue for versions prior to 0.9.4, upgrade to Netmaker version 0.9.4 or later by performing the same steps as above.
To resolve the issue for versions prior to 0.10.0, upgrade to Netmaker version 0.10.0 or later by performing the same steps as above.
If running any other version, upgrade to one of the patched versions (0.8.5, 0.9.4, or 0.10.0).
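To find servers that still need the upgrade, the version thresholds above can be turned into a check on the image tag a host is running. The script below is an added example, not part of the original advisory or the Netmaker project; the function names are hypothetical, and it assumes each fix applies to its own release line (0.8.x, 0.9.x, 0.10.0 and later) and that tags may carry a leading `v`.

```shell
#!/bin/sh
# Added example. Patched releases come from this advisory: 0.8.5, 0.9.4, 0.10.0.
# Assumption: each fix covers its own release line (0.8.x, 0.9.x, 0.10.0+).

# Print "patched", "vulnerable" or "unknown" for a version string.
netmaker_version_status() {
    v=${1#v}                                  # accept tags such as v0.9.4
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # latest, rc tags, junk
        *.*) ;;                               # need at least MAJOR.MINOR
        *) echo unknown; return 0 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    if [ "$major" -gt 0 ] || [ "$minor" -ge 10 ]; then
        echo patched                          # 0.10.0 or later
    elif [ "$minor" -eq 9 ] && [ "$patch" -ge 4 ]; then
        echo patched
    elif [ "$minor" -eq 8 ] && [ "$patch" -ge 5 ]; then
        echo patched
    else
        echo vulnerable                       # older 0.9.x, 0.8.x, anything before 0.8
    fi
}

# Same check for an image reference such as gravitl/netmaker:v0.9.3.
netmaker_image_status() {
    name=${1##*/}                             # drop registry/namespace (may hold ':port')
    case $name in
        *@*) echo unknown ;;                  # pinned by digest, version not visible
        *:*) netmaker_version_status "${name##*:}" ;;
        *)   echo unknown ;;                  # no tag means "latest"
    esac
}

# Constructed sample input; on a real host, feed the images of running
# containers instead, e.g. from: docker ps --format '{{.Image}}'
for img in gravitl/netmaker:v0.8.4 gravitl/netmaker:v0.9.4 gravitl/netmaker:latest; do
    printf '%s\t%s\n' "$img" "$(netmaker_image_status "$img")"
done
```

An `unknown` result (for example a `latest` tag or a digest pin) means the tag alone cannot confirm the version, so the server version has to be checked directly.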