PT-2023-23589 · Gravitl · Netmaker

Iamnoooob +1

Published: 2023-08-24 · Updated: 2026-05-18

CVE-2023-32078

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Netmaker versions prior to 0.17.1; Netmaker versions 0.18.0 through 0.18.5

Description: An Insecure Direct Object Reference (IDOR) vulnerability was found in the user update function, allowing an attacker to update another user's password by specifying that user's username.

Recommendations: For versions prior to 0.17.1, upgrade to version 0.17.1 or later. For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later. If using version 0.17.1, run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d` to switch to the patched image. As a temporary workaround for version 0.17.1, pull the latest docker image of the backend and restart the server.
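The missing control in an IDOR of this kind is an object-level authorization check: the username being updated comes from the request, the caller's identity comes from the verified credential, and the server must refuse the update when the two differ (unless the caller is an admin). The following is an added illustration, not Netmaker's code; the store, error values and the admin rule are constructed for the example.

```go
package main

import "errors"

// Hypothetical user store for the example; the names are constructed and are
// not Netmaker's own types, handlers or functions.
var (
	ErrUnauthenticated = errors.New("no authenticated caller")
	ErrForbidden       = errors.New("caller may not modify this user")
	ErrNotFound        = errors.New("no such user")
)

type UserStore struct {
	passwords map[string]string // username -> credential (plaintext only to keep the example short)
	admins    map[string]bool
}

func NewUserStore() *UserStore {
	return &UserStore{
		passwords: map[string]string{"alice": "a-secret", "bob": "b-secret", "root": "r-secret"},
		admins:    map[string]bool{"root": true},
	}
}

// AuthorizeUserUpdate is the object-level check an IDOR of this kind is missing:
// the target username comes from the request, the caller from the verified
// credential, and the two must agree unless the caller is an admin.
func (s *UserStore) AuthorizeUserUpdate(caller, target string) error {
	if caller == "" {
		return ErrUnauthenticated
	}
	if caller != target && !s.admins[caller] {
		return ErrForbidden
	}
	return nil
}

// UpdatePassword changes the credential only after the check on the requested target passes.
func (s *UserStore) UpdatePassword(caller, target, newPassword string) error {
	if err := s.AuthorizeUserUpdate(caller, target); err != nil {
		return err
	}
	if _, ok := s.passwords[target]; !ok {
		return ErrNotFound
	}
	s.passwords[target] = newPassword
	return nil
}
```

A regression test for the fixed endpoint should assert that a non-admin caller naming a different username receives a forbidden error and that the target's credential is unchanged.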

Tags: Exploit, Fix, IDOR

Weakness Enumeration

Related Identifiers: CVE-2023-32078, GHSA-256M-J5QW-38F4, GO-2023-2023

Affected Products: Netmaker