PT-2026-28280 · Wazuh · Wazuh 4.12.0

Jackhac

+2

·

Publicado

2026-03-27

·

Atualizado

2026-03-28

·

CVE-2025-15617

CVSS v3.1

8.1

Alta

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Wazuh version 4.12.0
Description Wazuh version 4.12.0 has an issue where the GITHUB TOKEN can be extracted from uploaded artifacts in GitHub Actions workflows. This allows attackers to potentially perform unauthorized actions, such as pushing malicious commits or altering release tags, within a limited timeframe.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522

Identificadores relacionados

CVE-2025-15617

Produtos afetados

Wazuh 4.12.0