CVE-2024-47770

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.9.1

Description: This issue occurs when the system has weak privilege access, allowing an attacker to perform privilege escalation. As a result, an attacker can view the agent list on the Wazuh dashboard without privilege access. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations: For versions prior to 4.9.1, upgrade to version 4.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the Wazuh dashboard to minimize the risk of exploitation. There are no known workarounds for this vulnerability.