Unrated severity · NVD Advisory · Published Oct 9, 2023 · Updated Sep 19, 2024

Wazuh vulnerable to user privilege escalation

CVE-2023-42455

Description

Wazuh is an open source project for security detection, visibility, and compliance. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a user logged in to the dashboard to become an administrator of the API, even if their dashboard role is not an administrator role. Version 4.4.2 contains a fix. There are no known workarounds.

Affected products

2
  • Wazuh/Wazuh
    Range: 4.4.0 - 4.4.1
  • wazuh/wazuh-kibana-app
    Range: >= 4.4.0, < 4.4.2
