PT-2022-23199 · Gravitl · Netmaker
Tweidinger · Published 2022-09-09 · Updated 2026-05-18 · CVE-2022-36110
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.15.1
Description: The issue is an improper authorization weakness that allows non-privileged users to run privileged API calls. If users without admin privileges are added to the Netmaker platform, they can use their auth tokens to call admin-level functions via the API. Additionally, differing response codes depending on the function called may allow non-users to brute-force the names of networks on the system.
Recommendations: For versions prior to 0.15.1, update to version 0.15.1 by following these steps:
  1. Run docker-compose down
  2. Run docker pull gravitl/netmaker:v0.15.1
  3. Run docker-compose up -d
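To make the two weakness classes in the description concrete, the following is an added Go example; it is not Netmaker's code and does not reproduce its routes. A small net/http service with a constructed token table and network list is wired twice: once in the weak pattern (the handler checks whether the network exists before authenticating, and any valid token is accepted on an admin-level route), and once hardened with authentication and an admin-role middleware in front of the route, so non-admin tokens receive 403 and unauthenticated callers receive the same 401 whether or not the requested network exists. The route path, token values, user names and network names are assumptions made for this example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical user record; the users, tokens and networks below are constructed.
type user struct {
	Name    string
	IsAdmin bool
}

type ctxKey struct{}

// Constructed token table standing in for real token validation.
var tokens = map[string]user{
	"tok-admin": {Name: "alice", IsAdmin: true},
	"tok-user":  {Name: "bob", IsAdmin: false},
}

// authenticate resolves the bearer token; a missing or unknown token gets 401
// before any handler runs, so an unauthenticated caller sees the same status
// whether or not the requested network exists.
func authenticate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		u, ok := tokens[tok]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), ctxKey{}, u)))
	})
}

// requireAdmin is the authorization check that a valid token alone does not
// provide: an admin-level route must verify the caller's role on every call.
func requireAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, _ := r.Context().Value(ctxKey{}).(user)
		if !u.IsAdmin {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newServer wires a DELETE /api/networks/<name> route (hypothetical path).
// hardened=false reproduces the weakness pattern: existence is checked before
// authentication (404 vs. 401 leaks which names exist) and the role is never
// checked. hardened=true runs authentication and the admin check first.
func newServer(hardened bool) http.Handler {
	nets := map[string]bool{"corpnet": true, "labnet": true} // constructed sample data
	deleteNetwork := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := strings.TrimPrefix(r.URL.Path, "/api/networks/")
		if !nets[name] {
			http.Error(w, "not found", http.StatusNotFound)
			return
		}
		delete(nets, name)
		w.WriteHeader(http.StatusNoContent)
	})
	mux := http.NewServeMux()
	if hardened {
		mux.Handle("/api/networks/", authenticate(requireAdmin(deleteNetwork)))
		return mux
	}
	mux.Handle("/api/networks/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := strings.TrimPrefix(r.URL.Path, "/api/networks/")
		if !nets[name] {
			http.Error(w, "not found", http.StatusNotFound) // answered before auth
			return
		}
		authenticate(deleteNetwork).ServeHTTP(w, r) // any valid token is accepted
	}))
	return mux
}

// call issues a DELETE with the given bearer token and returns the status code.
func call(h http.Handler, token, name string) int {
	req := httptest.NewRequest(http.MethodDelete, "/api/networks/"+name, nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	weak, hard := newServer(false), newServer(true)
	fmt.Println(call(weak, "", "corpnet"), call(weak, "", "nope")) // 401 404: existence leaks
	fmt.Println(call(weak, "tok-user", "corpnet"))                 // 204: non-admin deleted it
	fmt.Println(call(hard, "", "corpnet"), call(hard, "", "nope")) // 401 401: uniform
	fmt.Println(call(hard, "tok-user", "corpnet"))                 // 403
	fmt.Println(call(hard, "tok-admin", "corpnet"))                // 204
}
```

Running it with `go run` prints the status codes for both variants; the point to check in a real review is the ordering (authenticate, then authorize, then touch the resource) and that the role check is applied on every admin-level route rather than trusting token validity.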

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2022-36110, GHSA-GGF6-638M-VQMG, GO-2022-0986

Affected Products: Netmaker