Grafana Alloy unquoted service path

CVE ID: CVE-2024-8975

Date Published: September 25, 2024

Description:

On a windows machine, the Grafana Alloy service prior to 1.3.3 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Alloy installation and do a clean install. An update will not resolve the issue. An alternative would be to add the double quotes manually to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alloy\ImagePath