GHSA-m5gv-m5f9-wgv4

Suggest an improvement
Source
https://github.com/advisories/GHSA-m5gv-m5f9-wgv4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-m5gv-m5f9-wgv4/GHSA-m5gv-m5f9-wgv4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m5gv-m5f9-wgv4
Aliases
  • CVE-2024-8996
Published
2024-09-25T18:31:21Z
Modified
2024-10-01T22:44:35.593873Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • 4.0 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Details

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow before 0.43.3.

References

Affected packages

Go / github.com/grafana/agent

Package

Name
github.com/grafana/agent
View open source insights on deps.dev
Purl
pkg:golang/github.com/grafana/agent

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.43.3