CVE-2023-32077: Netmaker has Hardcoded DNS Secret Key
(updated )
Hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
References
- github.com/advisories/GHSA-8x8h-hcq8-jwwx
- github.com/gravitl/netmaker/commit/1621c27c1d176b639e9768b2acad7693e387fd51
- github.com/gravitl/netmaker/commit/9362c39a9a822f0e07361aa7c77af2610597e657
- github.com/gravitl/netmaker/pull/2170
- github.com/gravitl/netmaker/security/advisories/GHSA-8x8h-hcq8-jwwx
- nvd.nist.gov/vuln/detail/CVE-2023-32077
Code Behaviors & Features
Detect and mitigate CVE-2023-32077 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →