Privilege Escalation Vulnerability in Grafana Agent Flow Mode for Windows
CVE-2024-8996

7.8HIGH

Key Information:

Vendor: Grafana
Status: Agent Flow
Vendor: CVE Published:; 25 September 2024

Summary

A vulnerability exists in Grafana Agent (Flow mode) on Windows due to an unquoted search path or element. This flaw allows local users to escalate their privileges to that of the SYSTEM user, potentially granting them unauthorized access and control over critical system functions. The affected versions include Grafana Agent prior to 0.43.2, emphasizing the importance of updating to mitigate the risks associated with this security issue.

Affected Version(s)

Agent Flow Windows 0 < 0.43.2

References

https://grafana.com/security/security-advisories/cve-2024...

https://grafana.com/blog/2024/09/25/grafana-alloy-and-gra...

https://github.com/grafana/agent/releases/tag/v0.43.3

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 25, 2024