CVE-2022-0664
CRITICALGo github.com/gravitl/netmaker <0.8.5-0.10.1 - Info Disclosure
Title source: llmDescription
Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/29898a42-fd4f-4b5b-a8e3-ab573cb87eac
Patch, Third Party Advisory x_refsource_misc
https://github.com/gravitl/netmaker/commit/9bee12642986cb9534e268447b70e6f0f03c59cf
Scores
CVSS v3
9.8
EPSS
0.0167
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-321
Status
published
Products (3)
gravitl/netmaker
< 0.8.5
gravitl/netmaker
0 - 0.8.5Go
netmaker/netmaker
< 0.8.5
Published
Feb 18, 2022
Tracked Since
Feb 18, 2026