cve/2022/CVE-2022-36110.md

### [CVE-2022-36110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36110)
![](https://img.shields.io/static/v1?label=Product&message=netmaker&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1220%3A%20Insufficient%20Granularity%20of%20Access%20Control&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285%3A%20Improper%20Authorization&color=brighgreen)

### Description

Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/karimhabush/cyberowl