CVE-2024-47770: 
Wazuh Agent vulnerability analysis and mitigation

Wazuh, a free and open source platform used for threat prevention, detection, and response across on-premises, virtualized, containerized, and cloud-based environments, was found to contain a privilege escalation vulnerability (CVE-2024-47770). The vulnerability was discovered and disclosed on February 3, 2025, affecting versions up to 4.9.0. The issue allows attackers to view the agent list on the Wazuh dashboard without proper privilege access (GitHub Advisory).

The vulnerability stems from weak privilege access controls in the Wazuh dashboard. While the GUI prevents unauthorized access, an attacker can bypass these restrictions by sending a specific POST request to '/api/request' with a GET method targeting the '/agents' endpoint. This allows viewing of agent information including IDs, names, IPs, groups, OS details, and status information, which should normally require specific role access such as admin or kibanauser privileges. The vulnerability has been assigned a CVSS v3.1 base score of 4.6 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N (GitHub Advisory).

The vulnerability allows unauthorized users to access sensitive information about all agents in the Wazuh deployment. This includes detailed system information such as agent IDs, names, IP addresses, operating system details, versions, and status information. Such access could provide attackers with valuable reconnaissance data about the protected infrastructure (GitHub Advisory).

This security issue has been addressed in Wazuh version 4.9.1. All users are advised to upgrade to this version or later. There are no known workarounds for this vulnerability, making the upgrade the only effective mitigation strategy (NVD).