CVE-2022-23650

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23650
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23650.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23650
Aliases
Related
Published
2022-02-18T22:15:13Z
Modified
2025-01-15T02:18:45.455178Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 0.10.0, there is a hard-coded cryptographic key in the code base which can be exploited to run admin commands on a remote server if the exploiter knows the address and username of the admin. This affects the server (netmaker) component, and not clients. This has been patched in Netmaker v0.8.5, v0.9.4, and v0.10.0. There are currently no known workarounds.

References

Affected packages

Git / github.com/gravitl/netmaker

Affected ranges

Type
GIT
Repo
https://github.com/gravitl/netmaker
Events

Affected versions

0.*

0.7

v0.*

v0.1
v0.10.0
v0.2
v0.3
v0.5
v0.5-beta
v0.5.10
v0.5.11
v0.5.5
v0.7
v0.7.1
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4