3 matches found
CVE-2023-42455 Wazuh vulnerable to user privilege escalation
Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the AP...
CVE-2023-42455 Wazuh vulnerable to user privilege escalation
Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the AP...
CVE-2023-42455
Summary: CVE-2023-42455 affects Wazuh 4.4.0 and 4.4.1, where a logged-in dashboard user can obtain the Wazuh API administrator key via browser developer tools, potentially granting API administrator access regardless of dashboard-role privileges. The issue is resolved in version 4.4.2. Notes from...