
CVE-2024-8996 – Grafana Agent Flow on Windows Unquoted service path
https://notcve.org/view.php?id=CVE-2024-8996
25 Sep 2024 — Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow: before 0.43.2. • https://github.com/grafana/agent/releases/tag/v0.43.2 • CWE-428: Unquoted Search Path or Element

CVE-2022-46156 – Grafana's default installation of `synthetic-monitoring-agent` exposes sensitive information
https://notcve.org/view.php?id=CVE-2022-46156
30 Nov 2022 — The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endpoint. This token can be used to retrieve the Synthetic Monitoring checks created by the user and assigned to the agent identif... • https://github.com/grafana/synthetic-monitoring-agent/commit/d8dc7f9c1c641881cbcf0a09e178b90ebf0f0228 • CWE-489: Active Debug Code • CWE-749: Exposed Dangerous Method or Function

CVE-2021-41090 – Instance config inline secret exposure
https://notcve.org/view.php?id=CVE-2021-41090
08 Dec 2021 — Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at `/-/config` and metrics instance configs defined for the scraping service are exposed at `/agent/api/v1/configs/:key`. Inline secrets will be exposed to anyone being able to r... • https://github.com/grafana/agent/commit/af7fb01e31fe2d389e5f1c36b399ddc46b412b21 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-312: Cleartext Storage of Sensitive Information