CVE-2022-36110 in Netmakerinfo

Summary

by MITRE • 09/10/2022

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/18/2026

The vulnerability described in CVE-2022-36110 represents a critical authorization flaw within the Netmaker network management platform that leverages WireGuard for secure networking. This issue affects versions prior to 0.15.1 and demonstrates a classic case of insufficient access control mechanisms that allow unauthorized users to escalate their privileges through API interactions. The vulnerability specifically targets the platform's permission model where non-administrative users can exploit improperly validated API calls to execute administrative functions, effectively bypassing the intended security boundaries.

The technical flaw stems from inadequate validation of user permissions within the API layer of Netmaker, where authentication tokens are not properly verified against the user's actual authorization level before executing privileged operations. This improper authorization mechanism creates a path for privilege escalation attacks where any authenticated user, regardless of their assigned role, can manipulate API requests to gain administrative access. The vulnerability manifests when users with standard privileges attempt to invoke administrative API endpoints, which should normally be restricted to authorized administrators but are instead executable by any user possessing a valid authentication token.

The operational impact of this vulnerability extends beyond simple unauthorized access, as it fundamentally compromises the security model of the entire Netmaker platform. An attacker with basic user credentials can potentially gain complete control over network configurations, user management, and infrastructure settings that should remain restricted to privileged administrators. This flaw directly violates the principle of least privilege and creates a significant attack surface that could enable data exfiltration, network disruption, or further lateral movement within environments where Netmaker is deployed. The vulnerability is particularly concerning in multi-tenant or enterprise environments where network segmentation and access control are critical security requirements.

The mitigation for this vulnerability requires immediate deployment of Netmaker version 0.15.1 or later, which implements proper authorization checks and ensures that API endpoints validate user permissions before executing privileged operations. Organizations should also conduct comprehensive audits of existing user permissions and authentication tokens to identify any potential exploitation that may have occurred before the patch was applied. Security teams should review API access logs for unusual patterns of privilege escalation attempts and implement additional monitoring for unauthorized administrative API calls. This vulnerability aligns with CWE-285, which addresses improper authorization issues in software systems, and could be categorized under ATT&CK technique T1078 for valid accounts and privilege escalation. The fix demonstrates proper implementation of access control mechanisms and serves as a reminder of the critical importance of validating user permissions at every API interaction point.

Responsible

GitHub, Inc.

Reservation

07/15/2022

Disclosure

09/10/2022

Moderation

accepted

CPE

ready

EPSS

0.00702

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!