Vulnerability Details CVE-2023-32079
Netmaker makes networks with WireGuard. A mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. Users running 0.17.1 should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`, which switches them to the patched version. Users running v0.18.0-0.18.5 should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest Docker image of the backend and restart the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2023-32079
cpe:2.3:a:gravitl:netmaker:-
cpe:2.3:a:gravitl:netmaker:0.1
cpe:2.3:a:gravitl:netmaker:0.10.0
cpe:2.3:a:gravitl:netmaker:0.10.1
cpe:2.3:a:gravitl:netmaker:0.11.0
cpe:2.3:a:gravitl:netmaker:0.11.1
cpe:2.3:a:gravitl:netmaker:0.12.0
cpe:2.3:a:gravitl:netmaker:0.12.1
cpe:2.3:a:gravitl:netmaker:0.12.2
cpe:2.3:a:gravitl:netmaker:0.13.0
cpe:2.3:a:gravitl:netmaker:0.13.1
cpe:2.3:a:gravitl:netmaker:0.14.0
cpe:2.3:a:gravitl:netmaker:0.14.1
cpe:2.3:a:gravitl:netmaker:0.14.2
cpe:2.3:a:gravitl:netmaker:0.14.3
cpe:2.3:a:gravitl:netmaker:0.14.4
cpe:2.3:a:gravitl:netmaker:0.14.5
cpe:2.3:a:gravitl:netmaker:0.14.6
cpe:2.3:a:gravitl:netmaker:0.15.0
cpe:2.3:a:gravitl:netmaker:0.15.1
cpe:2.3:a:gravitl:netmaker:0.15.2
cpe:2.3:a:gravitl:netmaker:0.16.0
cpe:2.3:a:gravitl:netmaker:0.16.1
cpe:2.3:a:gravitl:netmaker:0.16.2
cpe:2.3:a:gravitl:netmaker:0.16.3
cpe:2.3:a:gravitl:netmaker:0.17.0
cpe:2.3:a:gravitl:netmaker:0.18.0
cpe:2.3:a:gravitl:netmaker:0.18.1
cpe:2.3:a:gravitl:netmaker:0.18.2
cpe:2.3:a:gravitl:netmaker:0.18.3
cpe:2.3:a:gravitl:netmaker:0.18.4
cpe:2.3:a:gravitl:netmaker:0.18.5
cpe:2.3:a:gravitl:netmaker:0.2
cpe:2.3:a:gravitl:netmaker:0.3
cpe:2.3:a:gravitl:netmaker:0.5
cpe:2.3:a:gravitl:netmaker:0.5.10
cpe:2.3:a:gravitl:netmaker:0.5.11
cpe:2.3:a:gravitl:netmaker:0.5.5
cpe:2.3:a:gravitl:netmaker:0.7
cpe:2.3:a:gravitl:netmaker:0.7.1
cpe:2.3:a:gravitl:netmaker:0.7.3
cpe:2.3:a:gravitl:netmaker:0.8.0
cpe:2.3:a:gravitl:netmaker:0.8.1
cpe:2.3:a:gravitl:netmaker:0.8.2
cpe:2.3:a:gravitl:netmaker:0.8.3
cpe:2.3:a:gravitl:netmaker:0.8.4
cpe:2.3:a:gravitl:netmaker:0.8.5
cpe:2.3:a:gravitl:netmaker:0.9.0
cpe:2.3:a:gravitl:netmaker:0.9.1
cpe:2.3:a:gravitl:netmaker:0.9.2
cpe:2.3:a:gravitl:netmaker:0.9.3
cpe:2.3:a:gravitl:netmaker:0.9.4