CVE-2025-15617

High CVSS: 8.3

Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.

Vendor

Wazuh

Product

Wazuh

CWE

CWE-522

Yayın Tarihi

2026-03-27 18:16:03

Güncelleme

2026-03-31 17:58:15

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-522 Wazuh HIGH Wazuh 2026

Referanslar

https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x https://www.vulncheck.com/advisories/exposure-of-the-github-token-in-wazuh-workflow-run-artifact https://github.com/wazuh/wazuh/security/advisories/GHSA-6xqr-4q5g-xc7x

Benzer Kayıtlar

Medium

CVE-2025-15615

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

High

CVE-2025-15616

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search pa…

Medium

CVE-2026-32983

Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-i…

Medium

CVE-2026-32984

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…

Medium

CVE-2023-7340

Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed…

Medium

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0…