CVE-2023-32077
high
CVSS v3
7.5
CVSS v2
—
VIR risk
7.5
Description
Netmaker has Hardcoded DNS Secret Key
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security-advisories@github.com — https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx
Vendor advisory: security-advisories@github.com — https://github.com/gravitl/netmaker/pull/2170
Vendor advisory: security-advisories@github.com — https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657
Vendor advisory: security-advisories@github.com — https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/gravitl/netmaker | <0.17.1 | 0.17.1 |
| Go | github.com/gravitl/netmaker | >=0.18.0,<0.18.6 | 0.18.6 |
| GO | github.com/gravitl/netmaker | >= 0.18.0, < 0.18.6 | 0.18.6 |
| GO | github.com/gravitl/netmaker | < 0.17.1 | 0.17.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| netmaker | netmaker | {"endExcluding":"0.17.1"} | 0.17.1 |
References
- https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51
- https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657
- https://github.com/gravitl/netmaker/pull/2170
- https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx
- https://nvd.nist.gov/vuln/detail/CVE-2023-32077
- https://github.com/gravitl/netmaker
- https://github.com/advisories/GHSA-8x8h-hcq8-jwwx
CWEs
CWE-321 CWE-798
Verify integrity in audit chain (admin only). AS-IS.