VDB

CVE-2024-8975

CVE-2024-8975 PUBLISHED CVSS 7.300000190734863 HIGH

Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-rc.1.

EPSS 0.10% · 27.0th percentile

Risk Scores

CVSS 3.1
7.300000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.10%
27.0th percentile

Affected Products

VendorProductVersions
GrafanaAlloy1.4.0-rc.0, 1.4.0-rc.0, 0
grafanaalloy0, 1.4.0, 1.4.0
github.comgrafana/alloy0, 0, 1.4.0-rc.0
grafanaalloy0, 1.4.0-rc.0, 0

Exploit Intelligence

Timeline

  • Sep 25, 2024 CVE Published
  • Sep 25, 2024 PoC Published
  • Sep 26, 2024 EPSS Score
  • Oct 5, 2024 Coalition ESS Score
  • Oct 9, 2024 CVE Updated
  • Oct 15, 2024 EPSS Score
  • Nov 4, 2024 EPSS Score
  • Nov 23, 2024 EPSS Score
  • Dec 13, 2024 EPSS Score
  • Jan 2, 2025 EPSS Score
  • Jan 21, 2025 EPSS Score
  • Feb 9, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›