CVE-2022-36110
published 2022-09-09


Priority: P350
Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.70% (48.6th percentile)
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gravitl_netmaker | >= 0 < 0.15.1 | 0.15.1 |
| gravitl | netmaker | < 0.15.1 | 0.15.1 |
| netmaker | netmaker | < 0.15.1 | 0.15.1 |