Wazuh Provisioning Scripts Agent Build Environment
Monthly
Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.
Wazuh provisioning scripts and container build environments disable SSL/TLS certificate validation by invoking curl with the -k/--insecure flag, enabling man-in-the-middle attackers to intercept and modify downloaded dependencies during the build process and achieve remote code execution within the agent build infrastructure and supply chain. Unauthenticated network attackers with positioning on the network path can exploit this with moderate complexity to compromise the integrity of Wazuh agent builds, affecting all downstream deployments. No public exploit code or active exploitation has been confirmed at the time of analysis.