Vulnerability Details CVE-2022-36110
Netmaker makes networks with WireGuard. Prior to version 0.15.1, improper authorization checks allow non-privileged users to run privileged API calls. If users without admin privileges are added to the Netmaker platform, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.7%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2022-36110
- cpe:2.3:a:gravitl:netmaker:-
- cpe:2.3:a:gravitl:netmaker:0.1
- cpe:2.3:a:gravitl:netmaker:0.10.0
- cpe:2.3:a:gravitl:netmaker:0.10.1
- cpe:2.3:a:gravitl:netmaker:0.11.0
- cpe:2.3:a:gravitl:netmaker:0.11.1
- cpe:2.3:a:gravitl:netmaker:0.12.0
- cpe:2.3:a:gravitl:netmaker:0.12.1
- cpe:2.3:a:gravitl:netmaker:0.12.2
- cpe:2.3:a:gravitl:netmaker:0.13.0
- cpe:2.3:a:gravitl:netmaker:0.13.1
- cpe:2.3:a:gravitl:netmaker:0.14.0
- cpe:2.3:a:gravitl:netmaker:0.14.1
- cpe:2.3:a:gravitl:netmaker:0.14.2
- cpe:2.3:a:gravitl:netmaker:0.14.3
- cpe:2.3:a:gravitl:netmaker:0.14.4
- cpe:2.3:a:gravitl:netmaker:0.14.5
- cpe:2.3:a:gravitl:netmaker:0.14.6
- cpe:2.3:a:gravitl:netmaker:0.15.0
- cpe:2.3:a:gravitl:netmaker:0.2
- cpe:2.3:a:gravitl:netmaker:0.3
- cpe:2.3:a:gravitl:netmaker:0.5
- cpe:2.3:a:gravitl:netmaker:0.5.10
- cpe:2.3:a:gravitl:netmaker:0.5.11
- cpe:2.3:a:gravitl:netmaker:0.5.5
- cpe:2.3:a:gravitl:netmaker:0.7
- cpe:2.3:a:gravitl:netmaker:0.7.1
- cpe:2.3:a:gravitl:netmaker:0.7.3
- cpe:2.3:a:gravitl:netmaker:0.8.0
- cpe:2.3:a:gravitl:netmaker:0.8.1
- cpe:2.3:a:gravitl:netmaker:0.8.2
- cpe:2.3:a:gravitl:netmaker:0.8.3
- cpe:2.3:a:gravitl:netmaker:0.8.4
- cpe:2.3:a:gravitl:netmaker:0.8.5
- cpe:2.3:a:gravitl:netmaker:0.9.0
- cpe:2.3:a:gravitl:netmaker:0.9.1
- cpe:2.3:a:gravitl:netmaker:0.9.2
- cpe:2.3:a:gravitl:netmaker:0.9.3
- cpe:2.3:a:gravitl:netmaker:0.9.4