Filtered by vendor Gravitl
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2022-09-14 | N/A | 8.8 HIGH |
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | |||||
CVE-2022-23650 | 1 Gravitl | 1 Netmaker | 2022-03-08 | 9.0 HIGH | 8.8 HIGH |
Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter know the address and username of the admin. This effects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds. | |||||
CVE-2022-0664 | 1 Gravitl | 1 Netmaker | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. |