Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-32078

Good to know:

icon

Date: August 24, 2023

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Language: Go

Severity Score

Related Resources (5)

https://github.com/gravitl/netmaker/security/advisories/GHSA-256m-j5qw-38f4
https://nvd.nist.gov/vuln/detail/CVE-2023-32078
https://github.com/gravitl/netmaker/commit/b3be57c65bf0bbfab43b66853c8e3637a43e2839
https://github.com/gravitl/netmaker/pull/2158
https://www.mend.io/vulnerability-database/CVE-2023-32078

Severity Score

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

Top Fix

icon

Upgrade Version

Upgrade to version v0.18.6

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE

Do you need more information?

Contact Us