Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jaHF4LTM2cm0tcmY4aM4AA_x0

Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM.
This issue affects Alloy: before 1.3.4, from 1.4.0-rc.0 and prior to 1.4.1.

Permalink: https://github.com/advisories/GHSA-chqx-36rm-rf8h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jaHF4LTM2cm0tcmY4aM4AA_x0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: about 2 months ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Percentage: 0.00042
EPSS Percentile: 0.05089

Identifiers: GHSA-chqx-36rm-rf8h, CVE-2024-8975
References: Repository: https://github.com/grafana/alloy
Blast Radius: 1.0

Affected Packages

go:github.com/grafana/alloy
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: >= 1.4.0-rc.0, < 1.4.1, < 1.3.4
Fixed in: 1.4.1, 1.3.4
All affected versions: 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.0-rc.0, 1.4.0-rc.1, 1.4.0-rc.2, 1.4.0-rc.3
All unaffected versions: 1.3.4, 1.4.1, 1.4.2, 1.4.3, 1.5.0