Filtered by vendor Wazuh
Subscriptions
Filtered by product Wazuh-dashboard
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64483 | 1 Wazuh | 2 Wazuh, Wazuh-dashboard | 2025-11-25 | N/A |
| Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the /utils/configuration endpoint. These credentials can be used to register new agents within the same Wazuh tenant without requiring elevated permissions through the UI. This issue has been patched in version 4.13.0. | ||||
| CVE-2023-42455 | 1 Wazuh | 2 Wazuh-dashboard, Wazuh-kibana-app | 2024-11-21 | 8.8 High |
| Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds. | ||||
Page 1 of 1.