Wazuh 4.12.0
Approved changes feed: RSS · Atom
cpe:2.3:a:wazuh:wazuh:4.12.0:*:*:*:*:*:*:*
part: a version: 4.12.0 update: *
| Vendor | Wazuh (a7402332-cdfc-5fc8-bb0e-3f511f6cb7fd) |
|---|---|
| Product | Wazuh (00a4f3c1-781b-55af-9e0f-164b9f0d64d7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/wazuh/wazuh |
purl2cpe | 2026-06-01 10:16:58.087926 |
pkg:github/wazuh/wazuh |
purl2cpe | 2026-06-01 10:16:58.087927 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-15617 |
vulnerable | 2026-06-08 07:06:36.560544 |
Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials
MEDIUM (6.5)
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.
Published: 2026-03-27T18:04:13.691Z
Updated: 2026-05-12T20:46:38.272Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.