Hi Folks! We’ve just published a security advisory...
# general
Hi Folks! We’ve just published a security advisory about osquery. An osquery administrator with access to osquery’s distributed read/write interface or configuration file can read/write/modify arbitrary sqlite databases on disk. This has been patched in github, and will be included in the impending 4.6.0 release. Advisory at https://github.com/osquery/osquery/security/advisories/GHSA-4g56-2482-x7q8 If you have any questions, feel free to reach out here or via DM.
osquery 2
👍 2
This falls into that annoying an "Admin can do Admin Stuff" category but thanks for the quick fix.