CVE-2024-52976

Name of the Vulnerable Software and Affected Versions Elastic Agent (affected versions not specified)

Description The issue allows local attackers to execute arbitrary code via parameter injection in the osqueryd subprocess of Elastic Agent. This can happen due to the inclusion of functionality from an untrusted control sphere. An attacker would need local access and the ability to modify osqueryd configurations to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.