CVE-2022-0664

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntrdevCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
gravitlnetmaker
𝑥
< 0.8.5
gravitlnetmaker
0.9.0 ≤
𝑥
< 0.9.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac
https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac