Wazuh Provisioning Scripts (Agent Build Environment)
Approved changes feed: RSS · Atom
cpe:2.3:a:wazuh:wazuh_provisioning_scripts_(agent_build_environment):*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wazuh (a7402332-cdfc-5fc8-bb0e-3f511f6cb7fd) |
|---|---|
| Product | Wazuh Provisioning Scripts (Agent Build Environment) (7ae6429b-8543-5cd5-92e4-c9bcb63c1956) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-15612 |
vulnerable | 2026-06-08 07:06:36.554261 |
Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE
MEDIUM (4.8)
Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies or code during the build process, leading to remote code execution and supply chain compromise.
Published: 2026-03-27T18:16:11.058Z
Updated: 2026-05-14T02:07:18.872Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.