Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elastic Agent Inclusion of Functionality from Untrusted Control Sphere
Vulnerability Description
Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Elastic Agent 安全漏洞
Vulnerability Description
Elastic Agent是荷兰Elastic公司的一个单一代理。可从每台主机收集日志、指标、跟踪、可用性、安全性和其他数据。 Elastic Agent存在安全漏洞,该漏洞源于未控制从不受信控制区域引入功能,可能导致本地用户执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A