CVE-2024-57378

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/bappe-sarker/Vulnerability-Research/tree/main/CVE-2024-57378

Configurations

No configuration.

History

17 Mar 2025, 19:15

Type	Values Removed	Values Added
CWE		CWE-284
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.3
Summary		(es) La versión 4.8.2 de Wazuh SIEM se ve afectada por una vulnerabilidad de control de acceso no autorizado. Este problema permite la creación no autorizada de usuarios internos sin asignar ningún rol de usuario existente, lo que puede provocar una escalada de privilegios o un acceso no autorizado a recursos confidenciales.

13 Feb 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-13 22:15

Updated : 2025-03-17 19:15

NVD link : CVE-2024-57378

Mitre link : CVE-2024-57378

CVE.ORG link : CVE-2024-57378

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

7.3 /10