Description
Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.
Published: 2026-03-27
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: Token exposure permitting unauthorized commits and tag changes
Action: Patch
AI Analysis

Impact

In Wazuh version 4.12.0, a GitHub Actions workflow uploads an artifact that contains the GITHUB_TOKEN. Anyone who can access the artifact can extract this secret. While the token remains valid, the attacker can inject malicious commits or override release tags.

Affected Systems

The affected product is listed as Wazuh:Wazuh (GitHub Actions), with the affected version listed as 4.12.0. No other version or product information was provided.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. No EPSS score is available and the vulnerability is not in CISA's KEV catalog. The likely attack vector involves remote exploitation via access to workflow artifacts on GitHub; an attacker must obtain the artifact to retrieve the token. The impact is higher when the token has write privileges, allowing unauthorized pushes or tag modifications within the token's short‑lived window.

Generated by OpenCVE AI on March 27, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Wazuh update that removes the secret from artifacts
  • Modify the GitHub Actions workflow to exclude the GITHUB_TOKEN from stored artifacts or delete it before artifact creation
  • Monitor the repository for unexpected commits or tag changes
  • Revoke or rotate the exposed GITHUB_TOKEN immediately
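
As an added example (not code from Wazuh or OpenCVE), the Python check below could run as a workflow step just before artifact upload and fail the job if the directory to be uploaded contains a GitHub token or a git credential header. It assumes the token would show up either as a literal token string or as an extraheader in a bundled .git/config; the page does not state how the token reached the artifact, and scan_artifact_dir, demo and the sample files are hypothetical names and constructed data.

```python
import os
import re
import sys
import tempfile

# GitHub token prefixes: ghs_ is the Actions installation token (GITHUB_TOKEN);
# ghp_/gho_/ghu_/ghr_ and github_pat_ are other GitHub token types.
TOKEN_RE = re.compile(rb"\b(?:gh[psour]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})")
# Assumption: a checked-out .git directory may hold the token as an HTTP
# extraheader in .git/config (actions/checkout with persisted credentials).
EXTRAHEADER_RE = re.compile(rb"extraheader\s*=\s*AUTHORIZATION:", re.IGNORECASE)

def scan_artifact_dir(root):
    """Return sorted (relative_path, reason) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root)
            if TOKEN_RE.search(data):
                findings.append((rel, "github-token"))
            if EXTRAHEADER_RE.search(data):
                findings.append((rel, "git-auth-extraheader"))
    return sorted(findings)

def demo():
    """Scan a constructed artifact directory (all values are fake samples)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, ".git"))
        samples = {
            ".git/config": '[http "https://github.com/"]\n\textraheader = AUTHORIZATION: basic PLACEHOLDER\n',
            "build.log": "token=ghs_" + "A" * 36 + "\n",
            "README.txt": "nothing sensitive here\n",
        }
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        return scan_artifact_dir(root)

if __name__ == "__main__":
    found = scan_artifact_dir(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, reason in found:
        print(f"{reason}: {rel}")
    sys.exit(1 if found else 0)
```

Run with the artifact directory as its argument; a non-zero exit stops the job before the upload step.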

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:00:00 +0000

Type | Values Removed | Values Added
Title | Exposure of the GITHUB_TOKEN in wazuh workflow run artifact | Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials

Fri, 27 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Description | | Wazuh version 4.12.0 contains an exposure vulnerability in GitHub Actions workflow artifacts that allows attackers to extract the GITHUB_TOKEN from uploaded artifacts. Attackers can use the exposed token within a limited time window to perform unauthorized actions such as pushing malicious commits or altering release tags.
Title | | Exposure of the GITHUB_TOKEN in wazuh workflow run artifact
Weaknesses | | CWE-522
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L'}
Metrics | | cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-27T19:47:47.000Z

Reserved: 2026-03-27T17:55:46.750Z

Link: CVE-2025-15617

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T18:16:03.173

Modified: 2026-03-27T18:16:03.173

Link: CVE-2025-15617

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:27:53Z

Weaknesses