CVE-2024-8996 – github.com/grafana/agent

Package

Manager: go
Name: github.com/grafana/agent
Vulnerable Version: >=0 <0.43.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00033 pctl0.07825

Details

Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow before 0.43.3.

Metadata

Created: 2024-09-25T18:31:21Z
Modified: 2024-10-09T22:12:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-m5gv-m5f9-wgv4/GHSA-m5gv-m5f9-wgv4.json
CWE IDs: ["CWE-428"]
Alternative ID: GHSA-m5gv-m5f9-wgv4
Finding: F313
Auto approve: 1