Home > Vulnerability Database > CVE-2023-32079

Mend.io Vulnerability Database

CVE-2023-32079

Good to know:

Date: August 24, 2023

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1" and "docker-compose up -d". This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Language: Go

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32079

Url: https://github.com/gravitl/netmaker/security/advisories/GHSA-826j-8wp2-4x6q

Url: https://github.com/gravitl/netmaker

Url: https://www.mend.io/vulnerability-database/CVE-2023-32079

Severity Score

8.8

Weakness Type (CWE)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

CWE-915

Top Fix

Upgrade Version

Upgrade to version github.com/gravitl/netmaker - v0.17.1;github.com/gravitl/netmaker - v0.18.6

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32079

Good to know:

Date: August 24, 2023

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?