What is CVE-2023-32078?

CVE-2023-32078 is a high-severity vulnerability in Gravitl Netmaker, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 7.5/10. Published 2023-08-24.

How severe is CVE-2023-32078?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Gravitl Netmaker

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.002 (45.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Gravitl Netmaker — versions < 0.17.1, >= 0.18.0, < 0.18.6
Netmaker

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC)
security-advisories@github.com (Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2023-32078?: CVE-2023-32078 is a high-severity vulnerability in Gravitl Netmaker, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 7.5/10. Published 2023-08-24.
How severe is CVE-2023-32078?: High severity. CVSS v3 base score is 7.5 out of 10.