x/vulndb: potential Go vuln in github.com/wazuh/wazuh: CVE-2024-47770

[GoVulnBot]

Advisory CVE-2024-47770 references a vulnerability in the following Go modules:

Module
github.com/wazuh/wazuh

Description:
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-47770
• WEB: GHSA-648q-8m78-5cwv

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/wazuh/wazuh
      vulnerable_at: 4.10.1+incompatible
summary: CVE-2024-47770 in github.com/wazuh/wazuh
cves:
    - CVE-2024-47770
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-47770
    - web: https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv
source:
    id: CVE-2024-47770
    created: 2025-02-03T23:01:31.070107068Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/646595 mentions this issue: data/reports: add 9 unreviewed reports