QSearchQSearch

CVE-2023-32078

7.5 HIGH

Netmaker makes networks with WireGuard

Published: 2023-08-24 · Last updated: 2026-05-18

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE
CWE-639

Affected products

VendorProduct
netmakernetmaker

Description

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-38651 Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0 (8.2 HIGH)
  • CVE-2026-29771 Netmaker makes networks with WireGuard (6.5 MEDIUM)
  • CVE-2023-32079 Netmaker makes networks with WireGuard (8.8 HIGH)
  • CVE-2023-32077 Netmaker makes networks with WireGuard (7.5 HIGH)
  • CVE-2022-36110 Netmaker makes networks with WireGuard (8.8 HIGH)

Same CWE

  • CVE-2026-44692 Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
  • CVE-2026-46558 Plane is an open-source project management tool (8.3 HIGH)
  • CVE-2026-53471 A flaw was found in migration-planner (9.6 CRITICAL)
  • CVE-2026-53470 A flaw was found in migration-planner (9.6 CRITICAL)
  • CVE-2026-45563 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.3 MEDIUM)