Security

SECURITY.md

Security Policy

Netmaker is reliant on secure networking. If you find a vulnerability or bug please report it. Depending on complexity or severity, the Gravitl team may compensate (aka. bug bounty) the reporter. However, there is no official bug bounty program up yet for the Netmaker project.

Supported Versions

We currently are only able to support work on the latest version(s)

Reporting a Vulnerability

Please report security issues to info@netmaker.io

Privilige Escalation: Non Admin To Admin User
GHSA-826j-8wp2-4x6q published Aug 24, 2023 by afeiszli

Critical
IDOR To Update Other User's Password
GHSA-256m-j5qw-38f4 published Aug 24, 2023 by afeiszli

High
Hardcoded DNS Secret Key
GHSA-8x8h-hcq8-jwwx published Aug 24, 2023 by afeiszli

High
Insufficient Granularity of Access Control in Netmaker
GHSA-ggf6-638m-vqmg published Sep 9, 2022 by afeiszli

Moderate
Use of Hard-coded Cryptographic Key
GHSA-86f3-hf24-76q4 published Feb 18, 2022 by afeiszli

High

Learn more about advisories related to gravitl/netmaker in the GitHub Advisory Database