CVE-2023-32077
7.5 HIGH
Netmaker makes networks with WireGuard
Published: 2023-08-24 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-321, CWE-798
Affected products
| Vendor | Product |
|---|---|
| netmaker | netmaker |
Description
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, Netmaker used a hardcoded DNS key, which allowed unauthenticated users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. Users on 0.17.1 should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`, which switches them to the patched version. Users on v0.18.0-0.18.5 should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest Docker image of the backend and restart the server.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2023-32077
- [Patch] https://github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51
- [Patch] https://github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657
- [Patch] https://github.com/gravitl/netmaker/pull/2170
- [Vendor advisory] https://github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx
Related CVEs
Same vendor
- CVE-2026-38651 — Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0 (8.2 HIGH)
- CVE-2026-29771 — Netmaker makes networks with WireGuard (6.5 MEDIUM)
- CVE-2023-32079 — Netmaker makes networks with WireGuard (8.8 HIGH)
- CVE-2023-32078 — Netmaker makes networks with WireGuard (7.5 HIGH)
- CVE-2022-36110 — Netmaker makes networks with WireGuard (8.8 HIGH)
Same CWE
- CVE-2026-47281 — Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network (9.6 CRITICAL)
- CVE-2026-11505 — A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)
- CVE-2026-11414 — A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service
- CVE-2026-46395 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2025-71317 — NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access (9.8 CRITICAL)