Approved changes feed: RSS · Atom

cpe:2.3:a:wazuh:wazuh_(github_actions):*:*:*:*:*:*:*:*

part: a version: * update: *

VendorWazuh (a7402332-cdfc-5fc8-bb0e-3f511f6cb7fd)
ProductWazuh (Github Actions) (263853c7-6f56-534e-9434-8b002127f975)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-15617 vulnerable 2026-06-08 07:06:36.559582 Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials
MEDIUM (6.5)
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.
Published: 2026-03-27T18:04:13.691Z
Updated: 2026-05-12T20:46:38.272Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.