CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
@huntrdevCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
netmakernetmaker
𝑥
< 0.8.5
netmakernetmaker
0.9.0 ≤
𝑥
< 0.9.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gravitlnetmaker
𝑥
< 0.8.5,0.9.4,0.10.0,0.10.1
CNA
Common Weakness Enumeration
References
https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac
https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac