-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: potential Go vuln in github.com/aws/amazon-cloudwatch-agent: CVE-2022-23511 #1160
Comments
Change https://go.dev/cl/457635 mentions this issue: |
Change https://go.dev/cl/457636 mentions this issue: |
Change https://go.dev/cl/592835 mentions this issue: |
Change https://go.dev/cl/607232 mentions this issue: |
- data/reports/GO-2022-1160.yaml - data/reports/GO-2022-1161.yaml - data/reports/GO-2022-1164.yaml - data/reports/GO-2022-1171.yaml - data/reports/GO-2022-1179.yaml - data/reports/GO-2022-1181.yaml - data/reports/GO-2022-1189.yaml - data/reports/GO-2022-1190.yaml - data/reports/GO-2022-1191.yaml - data/reports/GO-2022-1192.yaml - data/reports/GO-2022-1200.yaml - data/reports/GO-2022-1204.yaml - data/reports/GO-2022-1205.yaml - data/reports/GO-2022-1206.yaml - data/reports/GO-2022-1208.yaml - data/reports/GO-2022-1212.yaml - data/reports/GO-2022-1215.yaml - data/reports/GO-2022-1216.yaml - data/reports/GO-2022-1217.yaml - data/reports/GO-2022-1218.yaml Updates #1160 Updates #1161 Updates #1164 Updates #1171 Updates #1179 Updates #1181 Updates #1189 Updates #1190 Updates #1191 Updates #1192 Updates #1200 Updates #1204 Updates #1205 Updates #1206 Updates #1208 Updates #1212 Updates #1215 Updates #1216 Updates #1217 Updates #1218 Change-Id: I342a98eb3c967b16853089cb8f66a898af13b544 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607232 Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Commit-Queue: Tatiana Bradley <[email protected]>
CVE-2022-23511 references github.com/aws/amazon-cloudwatch-agent, which may be a Go module.
Description:
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.
References:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: