Hi Folks! We’ve just published a security advisory about osquery.
An osquery administrator with access to osquery’s distributed read/write interface or configuration file can read/write/modify arbitrary SQLite databases on disk. This has been patched in GitHub, and will be included in the impending 4.6.0 release.
Advisory at https://github.com/osquery/osquery/security/advisories/GHSA-4g56-2482-x7q8
If you have any questions, feel free to reach out here or via DM.
12/15/2020, 9:20 PM
This falls into that annoying "Admin can do Admin Stuff" category, but thanks for the quick fix.