PT-2023-23588 · Netmaker · Netmaker
Iamnoooob +1 · Published 2023-08-24 · Updated 2026-05-18 · CVE-2023-32077
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Netmaker versions prior to 0.17.1
Netmaker versions 0.18.0 through 0.18.5
Description
Netmaker uses a hardcoded DNS key, which allows unauthorized users to interact with DNS API endpoints. The issue is patched in version 0.17.1 and fixed in version 0.18.6.
Recommendations
For versions prior to 0.17.1, upgrade to version 0.17.1 or later.
For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later.
If using version 0.17.1, run docker pull gravitl/netmaker:v0.17.1 and docker-compose up -d to switch to the patched version.
As a temporary workaround for version 0.17.1, pull the latest Docker image of the backend and restart the server.
Exploit
Fix
Using Hardcoded Credentials
Related Identifiers
Affected Products
Netmaker