Gravitl Vulnerabilities

Comprehensive security vulnerability database for Gravitl products

Last updated: Mar 7, 2026
Total CVEs: 4
Critical: 0
With Exploits: 1
Last 30 Days: 0

Severity Distribution

Critical: 0 (0%)
High: 3 (75%)
Medium: 1 (25%)
Low: 0 (0%)
Description | Vendor / Product | Exploit Status

CVE-2026-29196 (CVSS 8.7)

An attacker with a specific user role can access and steal private keys for all WireGuard configurations in a network by using certain API calls, even though the user interface hides this information. This vulnerability exists in versions prior to 1.5.0, allowing unauthorized access to sensitive data without proper ownership checks.

gravitl / netmaker
Theoretical
about 1 month ago, Mar 7, 2026

CVE-2026-29195 (CVSS 6.9)

This vulnerability allows an attacker with admin privileges to elevate their own account to super-admin status during user updates, potentially gaining full control over the system. This issue only affects versions prior to 1.5.0, so upgrading to the latest version is essential to mitigate the risk.

gravitl / netmaker
Exploit Available
about 1 month ago, Mar 7, 2026

CVE-2026-29771 (CVSS 8.7)

This vulnerability allows an attacker to repeatedly shut down the Netmaker server, causing it to go offline for about three seconds each time, which can disrupt network services. Any user with access to the server can exploit this issue, making it a significant risk if not updated to version 1.2.0 or later.

gravitl / netmaker
Theoretical
about 1 month ago, Mar 7, 2026

CVE-2026-29194 (CVSS 8.6)

This vulnerability allows an attacker to use a valid host token to access, modify, or delete resources belonging to other hosts in the Netmaker system. To exploit this, the attacker only needs to know the identifiers for the targeted nodes or hosts and can do so without proper authorization checks, making it a serious risk if not updated to the patched version.

gravitl / netmaker
Theoretical
about 1 month ago, Mar 7, 2026

About Gravitl Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Gravitl products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.