CVE-2022-36110
Published: 2022-09-09
Priority: P3, 50; severity: high, 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.70% (48.6th percentile)
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gravitl_netmaker | >= 0 < 0.15.1 | 0.15.1 |
| gravitl | netmaker | < 0.15.1 | 0.15.1 |
| netmaker | netmaker | < 0.15.1 | 0.15.1 |
OSV
Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker
osv·2024-08-21
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker
GHSA
Netmaker vulnerable to Insufficient Granularity of Access Control
ghsa·2022-09-15
CVE-2022-36110 [HIGH] CWE-1220 Netmaker vulnerable to Insufficient Granularity of Access Control
### Impact
Improper Authorization functions lead to non-privileged users running privileged API calls. If you have added users to your Netmaker platform who should not have admin privileges, they could use their auth token to run admin-level functions via the API.
In addition, differing response codes based on function calls allowed non-users to potentially brute force the determination of names of networks on the system.
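The two properties a fix for this class of bug needs, shown as an added Go example (not Netmaker's code and not part of the advisory): admin routes check the caller's role, not just token validity, and that check runs before any network lookup so callers without admin rights get the same status whether or not a network name exists. The tokens, route, and network names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample data: bearer token -> admin flag, and one existing network.
var tokens = map[string]bool{"admin-token": true, "user-token": false}
var networks = map[string]bool{"corp-net": true}

// requireAdmin authenticates, then authorizes, before any network lookup runs.
func requireAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		isAdmin, known := tokens[r.Header.Get("Authorization")]
		if !known {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !isAdmin { // a valid token alone is not enough for admin routes
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// networkAdmin stands in for an admin-level call; only admins learn whether a name exists.
func networkAdmin(w http.ResponseWriter, r *http.Request) {
	if !networks[r.URL.Query().Get("name")] {
		http.Error(w, "not found", http.StatusNotFound)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// status replays one request in-process and returns the HTTP status code.
func status(token, name string) int {
	req := httptest.NewRequest(http.MethodDelete, "/admin/network?name="+name, nil)
	req.Header.Set("Authorization", token)
	rec := httptest.NewRecorder()
	requireAdmin(http.HandlerFunc(networkAdmin)).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("", "corp-net"), status("user-token", "corp-net"), status("admin-token", "corp-net"))
}
```

The same `status` helper works as a regression check after upgrading: a non-admin token must never produce a different code for an existing name than for a missing one.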
### Patches
This problem has been patched in v0.15.1. To apply:
1. docker-compose down
2. docker pull gravitl/netmaker:v0.15.1
3. docker-compose up -d
### For more information
If you have any questions or comments about this advisory:
Email us at [[email protected]](mailto:[email protected])
This vulne
OSV
Netmaker vulnerable to Insufficient Granularity of Access Control
osv·2022-09-15
CVE-2022-36110 [HIGH] Netmaker vulnerable to Insufficient Granularity of Access Control
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-09-09
Published