CVE-2024-8996 | THREATINT

Description

Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2

PUBLISHED Reserved 2024-09-19 | Published 2024-09-25 | Updated 2024-09-26 | Assigner GRAFANA

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-428 Unquoted Search Path or Element

Product status

Default status

unaffected

Any version before 0.43.2

affected

References

grafana.com/security/security-advisories/cve-2024-8996/

grafana.com/...rity-fix-for-cve-2024-8975-and-cve-2024-8996/

github.com/grafana/agent/releases/tag/v0.43.3

cve.org (CVE-2024-8996)

nvd.nist.gov (CVE-2024-8996)

Download JSON