Vulnerability Details CVE-2024-52976
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection.
An attacker requires local access and the ability to modify osqueryd configurations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.4%
CVSS Severity
CVSS v3 Score 4.4
References
Products affected by CVE-2024-52976
-
cpe:2.3:a:elastic:elastic_agent:*
-
cpe:2.3:a:elastic:elastic_agent:8.0.0
-
cpe:2.3:a:elastic:elastic_agent:8.15.0
-
cpe:2.3:a:elastic:elastic_agent:8.6.0
-
cpe:2.3:a:elastic:elastic_agent:8.9.2