Home > Vulnerability Database > CVE-2023-32077

Mend.io Vulnerability Database

CVE-2023-32077

Good to know:

Date: August 24, 2023

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Language: Go

Severity Score

7.5

Related Resources (6)

Url: https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32077

Url: https://github.com/gravitl/netmaker/pull/2170

Url: https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657

Url: https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51

Url: https://www.mend.io/vulnerability-database/CVE-2023-32077

Severity Score

7.5

Weakness Type (CWE)

Use of Hard-coded Credentials

CWE-798

Use of Hard-coded Cryptographic Key

CWE-321

Top Fix

Upgrade Version

Upgrade to version v0.18.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32077

Good to know:

Date: August 24, 2023

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?