CVE-2023-50260

Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the hostdeny script allows to write any string in the hosts.deny file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active...

CVE-2023-50260

Wazuh contains a vulnerability in the host_deny active-response script due to improper input validation for IP/JSON handling. An attacker can write arbitrary text into /etc/hosts.deny via the host_deny spawn directive, enabling arbitrary command execution. This can cause local privilege escalatio...

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.2.0 through 4.7.2, which stems from a hostdeny that allows any...

condor: incorrect handling of wild cards in authorization lists

Condor before 7.0.4 does not properly handle wildcards in the ALLOWWRITE, DENYWRITE, HOSTALLOWWRITE, or HOSTDENYWRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions...