From 2f7c207bdef6010bf28627c4ba254ff684b5263d Mon Sep 17 00:00:00 2001
From: William Dumont
Date: Thu, 19 Sep 2024 12:15:40 +0200
Subject: [PATCH] [Cherry-pick]: add quotes windows path for CVE (#7029)
* add quotes windows path (#7028)
* update changelog
* update version to v0.43.1 (#7030)
* fix changelog
---
 CHANGELOG.md | 7 +++++++
 docs/sources/_index.md | 2 +-
 packaging/grafana-agent-flow/windows/install_script.nsis | 4 ++--
 static/operator/defaults.go | 2 +-
 tools/gen-versioned-files/agent-version.txt | 2 +-
 5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b9b9205553fa..dc4732971e1d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,13 @@ This document contains a historical list of changes between releases. Only changes that impact end-user behavior are listed; changes to documentation or internal API changes are not present.
+v0.43.1 (2024-09-19)
+-------------------------
+
+### Security fixes
+
+- Add quotes to windows service path to prevent path interception attack. (@wildum)
+
 v0.43.0 (2024-09-11)
 -------------------------
diff --git a/docs/sources/_index.md b/docs/sources/_index.md
index b5ca3d7b16d7..89e001d80ad0 100644
--- a/docs/sources/_index.md
+++ b/docs/sources/_index.md
@@ -9,7 +9,7 @@ title: Grafana Agent
 description: Grafana Agent is a flexible, performant, vendor-neutral, telemetry collector
 weight: 350
 cascade:
- AGENT_RELEASE: v0.43.0
+ AGENT_RELEASE: v0.43.1
 OTEL_VERSION: v0.96.0
 refs:
 variants:
diff --git a/packaging/grafana-agent-flow/windows/install_script.nsis b/packaging/grafana-agent-flow/windows/install_script.nsis
index 0d06eae01d76..7df80ab40d34 100644
--- a/packaging/grafana-agent-flow/windows/install_script.nsis
+++ b/packaging/grafana-agent-flow/windows/install_script.nsis
@@ -97,7 +97,7 @@ Section "install"
 Call InitializeRegistry # Create the service.
- nsExec::ExecToLog 'sc create "Grafana Agent Flow" start= delayed-auto binpath= "$INSTDIR\grafana-agent-service-windows-amd64.exe"'
+ nsExec::ExecToLog 'sc create "Grafana Agent Flow" start= delayed-auto binpath= "\"$INSTDIR\grafana-agent-service-windows-amd64.exe\""'
 Pop $0 # Start the service.
@@ -135,7 +135,7 @@ Function InitializeRegistry
 nsExec::ExecToLog 'Reg.exe query "${REGKEY}" /reg:64 /ve'
 Pop $0
 ${If} $0 == 1
- nsExec::ExecToLog 'Reg.exe add "${REGKEY}" /reg:64 /ve /d "$INSTDIR\grafana-agent-flow-windows-amd64.exe"'
+ nsExec::ExecToLog 'Reg.exe add "${REGKEY}" /reg:64 /ve /d "\"$INSTDIR\grafana-agent-flow-windows-amd64.exe\""'
 Pop $0 # Ignore return result
 ${EndIf}
diff --git a/static/operator/defaults.go b/static/operator/defaults.go
index b1f8ce43fc15..1f61a219f6a3 100644
--- a/static/operator/defaults.go
+++ b/static/operator/defaults.go
@@ -2,7 +2,7 @@ package operator
 // Supported versions of the Grafana Agent.
 var (
- DefaultAgentVersion = "v0.43.0"
+ DefaultAgentVersion = "v0.43.1"
 DefaultAgentBaseImage = "grafana/agent"
 DefaultAgentImage = DefaultAgentBaseImage + ":" + DefaultAgentVersion
 )
diff --git a/tools/gen-versioned-files/agent-version.txt b/tools/gen-versioned-files/agent-version.txt
index e38880d6a2a4..134def0bfbdc 100644
--- a/tools/gen-versioned-files/agent-version.txt
+++ b/tools/gen-versioned-files/agent-version.txt
@@ -1 +1 @@
-v0.43.0
\ No newline at end of file
+v0.43.1
\ No newline at end of file
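Review bot: The quoted `binpath=` only takes effect when `sc create` actually creates the service, and in the visible lines its exit code is popped into `$0` and not inspected before the `# Start the service.` step. If an upgrade runs this section while a "Grafana Agent Flow" service from an earlier install still exists (whether the installer removes it first is not visible here), `sc create` fails because the service already exists and the old unquoted ImagePath stays in place. Consider following it with `nsExec::ExecToLog 'sc config "Grafana Agent Flow" binpath= "\"$INSTDIR\grafana-agent-service-windows-amd64.exe\""'` so an existing service is rewritten too, and logging a non-zero `$0`. The install section starts and ends outside the hunk.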
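Review bot: In InitializeRegistry the quoted default value is written only inside `${If} $0 == 1`, that is, only when the preceding `Reg.exe query "${REGKEY}" /reg:64 /ve` fails, so a machine that already has the value from an earlier install keeps the unquoted path. It is also worth confirming that whatever reads this value accepts a path with literal surrounding quotes; the consumer is not part of this diff, and if it uses the string as a file path directly, the embedded `"` characters could make the binary unresolvable. A comment above the `Reg.exe add` line such as `# Value is stored with literal quotes; confirm the reader strips them before use.` would record that contract. The function starts before the hunk and continues after it.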