x/vulndb: potential Go vuln in github.com/aws/amazon-cloudwatch-agent: CVE-2022-23511 #1160
Assignees
Labels
excluded: EFFECTIVELY_PRIVATE
This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Comments
tatianab
added
the
excluded: EFFECTIVELY_PRIVATE
|
Change https://go.dev/cl/457635 mentions this issue: |
|
Change https://go.dev/cl/457636 mentions this issue: |
|
Change https://go.dev/cl/592835 mentions this issue: |
|
Change https://go.dev/cl/607232 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 21, 2024
- data/reports/GO-2022-1160.yaml - data/reports/GO-2022-1161.yaml - data/reports/GO-2022-1164.yaml - data/reports/GO-2022-1171.yaml - data/reports/GO-2022-1179.yaml - data/reports/GO-2022-1181.yaml - data/reports/GO-2022-1189.yaml - data/reports/GO-2022-1190.yaml - data/reports/GO-2022-1191.yaml - data/reports/GO-2022-1192.yaml - data/reports/GO-2022-1200.yaml - data/reports/GO-2022-1204.yaml - data/reports/GO-2022-1205.yaml - data/reports/GO-2022-1206.yaml - data/reports/GO-2022-1208.yaml - data/reports/GO-2022-1212.yaml - data/reports/GO-2022-1215.yaml - data/reports/GO-2022-1216.yaml - data/reports/GO-2022-1217.yaml - data/reports/GO-2022-1218.yaml Updates #1160 Updates #1161 Updates #1164 Updates #1171 Updates #1179 Updates #1181 Updates #1189 Updates #1190 Updates #1191 Updates #1192 Updates #1200 Updates #1204 Updates #1205 Updates #1206 Updates #1208 Updates #1212 Updates #1215 Updates #1216 Updates #1217 Updates #1218 Change-Id: I342a98eb3c967b16853089cb8f66a898af13b544 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607232 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2022-23511 references github.com/aws/amazon-cloudwatch-agent, which may be a Go module.
Description:
A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM permissions. Users with administrative access to affected hosts may use this to create a new command prompt as NT AUTHORITY\SYSTEM. To trigger this issue, the third party must be able to access the affected host and elevate their privileges such that they’re able to trigger the agent repair process. They must also be able to install the tools required to trigger the issue. This issue does not affect the CloudWatch Agent for macOS or Linux. Agent users should upgrade to version 1.247355 of the CloudWatch Agent to address this issue. There is no recommended work around. Affected users must update the installed version of the CloudWatch Agent to address this issue.
References:
Cross references:
No existing reports found with this module or alias.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: