CVE-2024-8975

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:grafana:alloy:*:*:*:*:*:*:*:*
cpe:2.3:a:grafana:alloy:1.4.0:rc.0:*:*:*:*:*:*
cpe:2.3:a:grafana:alloy:1.4.0:rc.1:*:*:*:*:*:*

History

01 Oct 2024, 19:20

Type Values Removed Values Added
CPE cpe:2.3:a:grafana:alloy:1.4.0:rc.1:*:*:*:*:*:*
cpe:2.3:a:grafana:alloy:*:*:*:*:*:*:*:*
cpe:2.3:a:grafana:alloy:1.4.0:rc.0:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 7.3
v2 : unknown
v3 : 7.8
First Time Grafana alloy
Grafana
References () https://github.com/grafana/alloy/releases/tag/v1.3.4 - () https://github.com/grafana/alloy/releases/tag/v1.3.4 - Release Notes
References () https://github.com/grafana/alloy/releases/tag/v1.4.1 - () https://github.com/grafana/alloy/releases/tag/v1.4.1 - Release Notes
References () https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/ - () https://grafana.com/blog/2024/09/25/grafana-alloy-and-grafana-agent-flow-security-release-high-severity-fix-for-cve-2024-8975-and-cve-2024-8996/ - Vendor Advisory
References () https://grafana.com/security/security-advisories/cve-2024-8975/ - () https://grafana.com/security/security-advisories/cve-2024-8975/ - Vendor Advisory

26 Sep 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://github.com/grafana/alloy/releases/tag/v1.4.0', 'source': 'security@grafana.com'}
  • () https://github.com/grafana/alloy/releases/tag/v1.3.4 -
  • () https://github.com/grafana/alloy/releases/tag/v1.4.1 -

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de ruta o elemento de búsqueda sin comillas en Grafana Alloy en Windows permite la escalada de privilegios del usuario local al SYSTEM. Este problema afecta a Alloy: antes de 1.3.3, desde 1.4.0-rc.0 hasta 1.4.0-rc.1.

25 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-25 17:15

Updated : 2024-10-01 19:20


NVD link : CVE-2024-8975

Mitre link : CVE-2024-8975

CVE.ORG link : CVE-2024-8975


JSON object : View

Products Affected

grafana

  • alloy
CWE
CWE-428

Unquoted Search Path or Element