Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow before 0.43.3.
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack., inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at /-/config and metrics instance configs defined for the scraping service are exposed at /agent/api/v1/configs/:key. Inline secrets will be exposed to anyone being able to …