CVE-2024-47770 MEDIUM

CVE-2024-47770: Ability to view Agent list with no privilege access in wazuh-dashboard

Vendor: Wazuh
Product: wazuh
Weakness: CWE-269
Published: February 3, 2025
Last update: February 4, 2025

CVSS base score

4.6/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, which allows an attacker to perform privilege escalation. In this case, the attacker is able to view the agent list on the Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1, and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02 Disclosure timeline

February 3, 2025: CVE published
February 4, 2025: Record updated