CVE-2024-57378 — HIGH (7.3)

Vulnerability Description

Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-284

References

https://github.com/bappe-sarker/Vulnerability-Research/tree/main/CVE-2024-57378

FAQ

What is CVE-2024-57378?

CVE-2024-57378 is a vulnerability with a CVSS score of 7.3 (HIGH). Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leadi...

How severe is CVE-2024-57378?

CVE-2024-57378 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-57378?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.