CVE-2024-52976

Publication date

2025-05-01 13:03:58

Family

elastic

State

PUBLISHED

Description

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.