CVE-2024-8975 – github.com/grafana/alloy

Package

Manager: go
Name: github.com/grafana/alloy
Vulnerable Version: >=0 <1.3.4 || >=1.4.0-rc.0 <1.4.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00013 pctl0.01578

Details

Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Alloy: before 1.3.4, from 1.4.0-rc.0 and prior to 1.4.1.

Metadata

Created: 2024-09-25T18:31:21Z
Modified: 2024-10-09T22:05:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-chqx-36rm-rf8h/GHSA-chqx-36rm-rf8h.json
CWE IDs: ["CWE-428"]
Alternative ID: GHSA-chqx-36rm-rf8h
Finding: F313
Auto approve: 1