CVE-2024-8975

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Sep 25, 2024

Updated: Dec 26, 2024

CWE ID 428

Summary

CVE-2024-8975 is a newly disclosed vulnerability that impacts Grafana Alloy on Windows systems. The issue involves an Unquoted Search Path or Element vulnerability, which can be exploited for Privilege Escalation, granting a local user SYSTEM-level access. This security flaw affects Grafana Alloy versions prior to 1.3.3 and from 1.4.0-rc.0 through 1.4.0-rc.1. Successful exploitation could lead to significant security risks, highlighting the importance of updating affected installations promptly to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Grafana Labs

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/yvaAc7
https://www.cve.org/CVERecord?id=CVE-2024-8975
https://nvd.nist.gov/vuln/detail/CVE-2024-8975

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-8975

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations