CVE-2023-32078

Summary

CVE-2023-32078 is a vulnerability affecting Netmaker, a tool used to create networks with WireGuard. An Insecure Direct Object Reference (IDOR) issue was discovered in the user update function of versions prior to 0.17.1 and 0.18.6. By inputting another user's username, an attacker could manipulate the function and update that user's password. Netmaker users running version 0.17.1 should pull the latest docker image and restart the server to apply the patch. Users on versions 0.18.0 to 0.18.5 are advised to upgrade to v0.18.6 or later. A workaround for version 0.17.1 users is to update the backend docker image.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.