PT-2023-23590 · Gravitl · Netmaker
Iamnoooob +1 · Published 2023-08-24 · Updated 2026-05-18 · CVE-2023-32079
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Netmaker versions prior to 0.17.1
Netmaker versions 0.18.0 through 0.18.5
Description
A mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in version 0.17.1 and fixed in version 0.18.6.
Recommendations
For versions prior to 0.17.1, upgrade to version 0.17.1 or later.
For versions 0.18.0 through 0.18.5, upgrade to version 0.18.6 or later.
If using version 0.17.1, run docker pull gravitl/netmaker:v0.17.1 and docker-compose up -d to switch to the patched version.
As a temporary workaround for version 0.17.1, pull the latest Docker image of the backend and restart the server.
Affected Products
Netmaker