CVE-2022-36110

Incorrect Authorization in go/github.com/gravitl/netmaker

Identifiers

GHSA-ggf6-638m-vqmg, CVE-2022-36110

Package Slug

go/github.com/gravitl/netmaker

Vulnerability

Incorrect Authorization

Description

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

Affected Versions

All versions before 0.15.1

Solution

Upgrade to version 0.15.1 or above.

Last Modified

2022-09-15

source