CVE-2023-32077— Netmaker has Hardcoded DNS Secret Key

Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

使用硬编码的密码学密钥

Gravitl Netmaker 信任管理问题漏洞

Gravitl Netmaker是美国Gravitl公司的一个使用 WireGuard 创建和管理快速、安全和动态的虚拟覆盖网络的平台。用于创建和控制自动化虚拟网络。 Gravitl Netmaker 0.18.6之前版本存在安全漏洞，该漏洞源于存在硬编码的DNS密钥用法，允许未经身份验证的用户与DNS API端点交互。

N/A

N/A