Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tNWd2LW01Zjktd2d2NM4AA_yA

Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM.
This issue affects Agent Flow before 0.43.3.

Permalink: https://github.com/advisories/GHSA-m5gv-m5f9-wgv4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNWd2LW01Zjktd2d2NM4AA_yA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 26 days ago
Updated: 12 days ago

CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-m5gv-m5f9-wgv4, CVE-2024-8996
References:

Repository: https://github.com/grafana/agent
Blast Radius: 0.0

Affected Packages

go:github.com/grafana/agent

Dependent packages: 2
Dependent repositories: 1
Downloads:
Affected Version Ranges: < 0.43.3
Fixed in: 0.43.3
All affected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.19.0, 0.20.0, 0.20.1, 0.21.0, 0.21.1, 0.21.2, 0.22.0, 0.22.9, 0.22.13, 0.22.14, 0.22.15, 0.22.23, 0.22.26, 0.22.30, 0.22.32, 0.23.0, 0.24.0, 0.24.1, 0.24.2, 0.25.0, 0.25.1, 0.26.0, 0.26.1, 0.27.0, 0.27.1, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 0.30.1, 0.30.2, 0.31.0, 0.31.1, 0.31.2, 0.31.3, 0.32.0, 0.32.1, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.34.2, 0.34.3, 0.35.0, 0.35.1, 0.35.2, 0.35.3, 0.35.4, 0.36.0, 0.36.1, 0.36.2, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.39.2, 0.40.0, 0.40.1, 0.40.2, 0.40.3, 0.40.4, 0.40.5, 0.41.0, 0.41.1, 0.42.0, 0.43.0, 0.43.1, 0.43.2
All unaffected versions: 0.43.3, 1.2.99, 1.3.191