Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-32077 PoC — Gravitl Netmaker 信任管理问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-32077.yaml
Associated Vulnerability
Title:Gravitl Netmaker 信任管理问题漏洞 (CVE-2023-32077)
Description:Gravitl Netmaker是美国Gravitl公司的一个使用 WireGuard 创建和管理快速、安全和动态的虚拟覆盖网络的平台。用于创建和控制自动化虚拟网络。 Gravitl Netmaker 0.18.6之前版本存在安全漏洞,该漏洞源于存在硬编码的DNS密钥用法,允许未经身份验证的用户与DNS API端点交互。
Description
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
File Snapshot

 id: CVE-2023-32077

info:
  name: Netmaker - Hardcoded DNS Secret Key
  author: iamnoooob,rootxharsh

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.