CVE-2024-47770

Опубликовано: 03 фев. 2025

Источник: nvd

CVSS3: 4.6

CVSS3: 8

EPSS Низкий

Описание

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
Vendor Advisory
https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*

Версия до 4.9.1 (исключая)

EPSS

Процентиль: 25%

0.00087

Низкий

4.6 Medium

CVSS3

8 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

SUSE-SU-2025:0429-1

suse-cvrf

12 месяцев назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 25%

0.00087

Низкий

4.6 Medium

CVSS3

8 High

CVSS3

Дефекты

CWE-269