CVE-2024-8975

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

References

Affected packages

Git / github.com/grafana/alloy

Affected ranges

Type

GIT

Repo

https://github.com/grafana/alloy

Events

Introduced

Fixed

27914050e9e1d99d0fa0505e555dcfa268234103

Fixed

88e779887690954c009503598a3f4bf563cb6596

Fixed

f14249012fd970d3fd73604e6fff9b6c7990a9bb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.3"
        }
    ]
}

Affected versions

build-image/v0.*

build-image/v0.1.0

build-image/v0.1.1

build-image/v0.1.2

build-image/v0.1.3

build-image/v0.1.5

helm-chart/0.*

helm-chart/0.1.0

helm-chart/0.1.1

helm-chart/0.2.0

helm-chart/0.3.0

helm-chart/0.3.1

helm-chart/0.3.2

helm-chart/0.4.0

helm-chart/0.5.0

helm-chart/0.5.1

helm-chart/0.6.0

helm-chart/0.6.1

helm-chart/0.7.0

syntax/v0.*

syntax/v0.1.0

v1.*

v1.0.0

v1.3.0

v1.3.0-rc.0

v1.3.0-rc.1

v1.3.1

v1.3.2

v1.4.0

v1.4.0-rc.0

v1.4.0-rc.1

v1.4.0-rc.2

v1.4.0-rc.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8975.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.4.0-rc0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.4.0-rc1"
            }
        ]
    }
]