CVE-2024-52976

medium

Description

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.

References

https://discuss.elastic.co/t/elastic-agent-7-17-25-and-8-15-4-security-update-esa-2024-39/377708

Details

Source: Mitre, NVD

Published: 2025-05-01

Updated: 2025-05-02

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N