Vulnerabilities related to Splunk - Splunk Cloud Platform
cve-2023-22939
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.457Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22939", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T18:25:52.800078Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T18:26:08.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Klevis Luli, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. 
The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:47.779Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0209", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0209", }, title: "SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22939", datePublished: "2023-02-14T17:24:47.539Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:47.779Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32717
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the /services/indexing/preview REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.651Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Scott Calvert, Splunk", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.", }, ], value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", 
description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.073Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0612", }, { url: "https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8/", }, ], source: { advisory: "SVD-2023-0612", }, title: "Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32717", datePublished: "2023-06-01T16:34:28.464Z", dateReserved: "2023-05-11T20:55:59.872Z", dateUpdated: "2025-02-28T11:03:51.073Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36987
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36987", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T19:58:40.852474Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T21:02:54.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Kyle Bambrick, Splunk", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary 
extension using the indexing/preview REST endpoint.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:46.111Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0707", }, ], source: { advisory: "SVD-2024-0707", }, title: "Insecure File Upload in the indexing/preview REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36987", datePublished: "2024-07-01T16:30:36.235Z", dateReserved: "2024-05-30T16:36:21.000Z", dateUpdated: "2025-02-28T11:03:46.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45736
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.1; 9.2 < 9.2.3; 9.1 < 9.1.6
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.107", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.111", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45736", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T16:36:03.459233Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T16:40:23.384Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.107", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.111", status: "affected", version: "9.1.2312", 
versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a search query with an improperly formatted \"INGEST_EVAL\" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).", }, ], value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a search query with an improperly formatted \"INGEST_EVAL\" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:54.861Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1006", }, { url: 
"https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], source: { advisory: "SVD-2024-1006", }, title: "Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45736", datePublished: "2024-10-14T17:03:34.828Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:54.861Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32708
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { 
descriptions: [ { cweId: "CWE-113", description: "The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.212Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0603", }, { url: "https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", }, ], source: { advisory: "SVD-2023-0603", }, title: "HTTP Response Splitting via the ‘rest’ SPL Command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32708", datePublished: "2023-06-01T16:34:27.126Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:58.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32709
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.020Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32709", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T21:01:02.556322Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T21:01:15.599Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11. 
and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:52.521Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0604", }, { url: "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", }, ], source: { advisory: "SVD-2023-0604", }, title: "Low-privileged User can View Hashed Default Splunk Password", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32709", datePublished: "2023-06-01T16:34:30.933Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:52.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53246
Vulnerability from cvelistv5
Published
2024-12-10 18:01
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.2; 9.2 < 9.2.4; 9.1 < 9.1.7
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:36.685783Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:13:47.167Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.2", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.101", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.106", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.111", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.", }, ], value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. 
The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-319", description: "The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.865Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1204", }, ], source: { advisory: "SVD-2024-1204", }, title: "Sensitive Information Disclosure through SPL commands", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53246", datePublished: "2024-12-10T18:01:16.803Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:55.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20232
Vulnerability from cvelistv5
Published
2025-03-26 22:06
Modified
2025-03-27 13:49
Summary
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search” endpoint through its “s” parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.3; 9.2 < 9.2.5; 9.1 < 9.1.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-20232", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T13:49:43.029541Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T13:49:49.830Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.3", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.5", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.8", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.103", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.108", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.113", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.208", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.212", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2025-03-26T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search“ endpoint through its “s“ 
parameter. <br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], value: "In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search“ endpoint through its “s“ parameter. <br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T22:06:00.180Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2025-0304", }, ], source: { advisory: "SVD-2025-0304", }, title: "Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2025-20232", datePublished: "2025-03-26T22:06:00.180Z", dateReserved: "2024-10-10T19:15:13.237Z", dateUpdated: "2025-03-27T13:49:49.830Z", state: 
"PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22941
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-22941", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T19:25:24.577246Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:26:49.549Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.436Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-248", description: "An exception is thrown from a function, but it is not caught.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:59.397Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0211", }, { url: "https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", }, ], source: { advisory: "SVD-2023-0211", }, title: "Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22941", datePublished: "2023-02-14T17:22:37.444Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:59.397Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36989
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36989", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T19:54:30.997403Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T19:54:43.678Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.575Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0709", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged 
user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.004Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0709", }, { url: "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030", }, ], source: { advisory: "SVD-2024-0709", }, title: "Low-privileged user could create notifications in Splunk Web Bulletin Messages", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36989", datePublished: "2024-07-01T16:30:38.545Z", dateReserved: "2024-05-30T16:36:21.001Z", dateUpdated: "2025-02-28T11:03:53.004Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22935
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-03-20 13:55
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.442Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22935", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T13:55:26.103677Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T13:55:35.952Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. 
The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.592Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0205", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0205", }, title: "SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22935", datePublished: "2023-02-14T17:22:36.093Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-03-20T13:55:35.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22933
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is 
served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.416Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0203", }, { url: "https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4", }, ], source: { advisory: "SVD-2023-0203", }, title: "Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22933", datePublished: "2023-02-14T17:22:40.081Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:44.416Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32707
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-03-11 15:02
Summary
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:37.042Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:27:23.298660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-11T15:02:44.575Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Mr Hack (try_to_hack) Santiago Lopez", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.", }, ], value: "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below 
version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:56.837Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0602", }, { url: "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", }, ], source: { advisory: "SVD-2023-0602", }, title: "‘edit_user’ Capability Privilege Escalation", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32707", datePublished: "2023-06-01T16:34:30.607Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-03-11T15:02:44.575Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20227
Vulnerability from cvelistv5
Published
2025-03-26 22:03
Modified
2025-03-27 13:50
Summary
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.4 < 9.4.1; 9.3 < 9.3.3; 9.2 < 9.2.5; 9.1 < 9.1.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-20227", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T13:50:08.258188Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T13:50:15.585Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.4.1", status: "affected", version: "9.4", versionType: "custom", }, { lessThan: "9.3.3", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.5", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.8", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.107", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.113", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.115", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.208", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.214", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Taihei Shimamine", }, ], datePublic: "2025-03-26T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to 
an information disclosure.", }, ], value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T22:03:50.424Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2025-0306", }, ], source: { advisory: "SVD-2025-0306", }, title: "Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2025-20227", datePublished: "2025-03-26T22:03:50.424Z", dateReserved: "2024-10-10T19:15:13.236Z", dateUpdated: "2025-03-27T13:50:15.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45740
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.3; 9.1 < 9.1.6
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45740", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:37:44.276401Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:37:53.294Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.100", status: "affected", version: "9.2.2403", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], 
problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.462Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1010", }, { url: "https://research.splunk.com/application/d4f55f7c-6518-4122-a197-951fe0f21b25/", }, ], source: { advisory: "SVD-2024-1010", }, title: "Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45740", datePublished: "2024-10-14T17:03:29.360Z", dateReserved: "2024-09-05T21:35:21.291Z", dateUpdated: "2025-02-28T11:03:58.462Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22934
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "semver", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "semver", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-22934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-13T20:46:42.856991Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-18T18:36:23.394Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { 
product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:58.707Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0204", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0204", }, title: "SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: 
"42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22934", datePublished: "2023-02-14T17:22:35.427Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:58.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36992
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36992", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T20:51:04.772976Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:36:57.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. 
The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.510Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0712", }, ], source: { advisory: "SVD-2024-0712", }, title: "Persistent Cross-site Scripting (XSS) in Dashboard Elements", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36992", datePublished: "2024-07-01T16:30:51.507Z", dateReserved: "2024-05-30T16:36:21.001Z", dateUpdated: "2025-02-28T11:03:53.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45741
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:04
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.3; 9.1 < 9.1.6
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.205", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45741", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:29:56.360207Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:31:19.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.205", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 
9.1.2312.205, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a malicious payload through a custom configuration file that the \"api.uri\" parameter from the \"/manager/search/apps/local\" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could create a malicious payload through a custom configuration file that the \"api.uri\" parameter from the \"/manager/search/apps/local\" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:04:00.392Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1011", }, { url: "https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/", }, ], source: { advisory: "SVD-2024-1011", }, title: "Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45741", datePublished: "2024-10-14T17:03:33.986Z", dateReserved: "2024-09-05T21:35:21.291Z", dateUpdated: 
"2025-02-28T11:04:00.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20228
Vulnerability from cvelistv5
Published
2025-03-26 22:04
Modified
2025-03-27 13:42
Summary
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.3; 9.2 < 9.2.5; 9.1 < 9.1.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-20228", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T13:42:21.591699Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T13:42:27.944Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.3", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.5", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.8", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2025-03-26T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], value: "In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, 
baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T22:04:31.566Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2025-0303", }, ], source: { advisory: "SVD-2025-0303", }, title: "Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2025-20228", datePublished: "2025-03-26T22:04:31.566Z", dateReserved: "2024-10-10T19:15:13.236Z", dateUpdated: "2025-03-27T13:42:27.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36996
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36996", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T19:26:51.643823Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T21:00:22.102Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: 
"en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. 
This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-204", description: "The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:41.084Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0716", }, ], source: { advisory: "SVD-2024-0716", }, title: "Information Disclosure of user names", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36996", datePublished: "2024-07-01T16:30:41.186Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:41.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45737
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.1; 9.2 < 9.2.3; 9.1 < 9.1.6
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-45737", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T15:44:26.102067Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T15:44:34.572Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.6", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.108", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.204", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], value: "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, 
baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.256Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1007", }, { url: "https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8/", }, ], source: { advisory: "SVD-2024-1007", }, title: "Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-45737", datePublished: "2024-10-14T17:03:37.328Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:53.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32706
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Summary
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.896Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32706", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-07T20:39:32.865384Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T19:39:54.425Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "9.0.2303 and below", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Vikram Ashtaputre, Splunk", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.", }, ], value: "On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.7, baseSeverity: "HIGH", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.652Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0601", }, ], source: { advisory: "SVD-2023-0601", }, title: "Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32706", datePublished: "2023-06-01T16:34:28.142Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:44.652Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22940
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’, ‘mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. 
The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:47.020Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0210", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], source: { advisory: "SVD-2023-0210", }, title: "SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22940", datePublished: "2023-02-14T17:22:34.688Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:47.020Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22936
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.429Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. 
The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:49.899Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0206", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", }, ], source: { advisory: "SVD-2023-0206", }, title: "Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22936", datePublished: "2023-02-14T17:22:38.050Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:49.899Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36997
Vulnerability from cvelistv5
Published
2024-07-01 16:57
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2, 9.1 < 9.1.5, 9.0 < 9.0.10
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.100", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:17:17.349360Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:32:06.701Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.100", status: "affected", version: 
"9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "STÖK / Fredrik Alexandersson", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.355Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0717", }, { url: "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c", }, ], source: { advisory: "SVD-2024-0717", }, title: "Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", 
cveId: "CVE-2024-36997", datePublished: "2024-07-01T16:57:47.904Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:50.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20226
Vulnerability from cvelistv5
Published
2025-03-26 22:02
Modified
2025-03-27 13:50
Summary
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.4 < 9.4.1, 9.3 < 9.3.3, 9.2 < 9.2.5, 9.1 < 9.1.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-20226", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T13:50:48.378365Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T13:50:54.966Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.4.1", status: "affected", version: "9.4", versionType: "custom", }, { lessThan: "9.3.3", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.5", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.8", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.107", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.111", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.1.2308.214", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2025-03-26T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the \"/services/streams/search\" endpoint through its \"q\" parameter. 
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the \"/services/streams/search\" endpoint through its \"q\" parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T22:02:10.530Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2025-0305", }, ], source: { advisory: "SVD-2025-0305", }, title: "Risky command safeguards bypass in “/services/streams/search“ endpoint through “q“ parameter in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2025-20226", datePublished: "2025-03-26T22:02:10.530Z", dateReserved: "2024-10-10T19:15:13.235Z", dateUpdated: "2025-03-27T13:50:54.966Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-20229
Vulnerability from cvelistv5
Published
2025-03-26 22:05
Modified
2025-03-28 03:55
Summary
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.4 < 9.4.0, 9.3 < 9.3.3, 9.2 < 9.2.5, 9.1 < 9.1.8
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-20229", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-28T03:55:46.075Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.4.0", status: "affected", version: "9.4", versionType: "custom", }, { lessThan: "9.3.3", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.5", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.8", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.3.2408.104", status: "affected", version: "9.3.2408", versionType: "custom", }, { lessThan: "9.2.2406.108", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.114", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.208", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Alex Hordijk (hordalex)", }, ], datePublic: "2025-03-26T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the \"$SPLUNK_HOME/var/run/splunk/apptemp\" directory due to missing authorization checks.", }, ], value: "In Splunk Enterprise versions below 9.3.3, 
9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the \"$SPLUNK_HOME/var/run/splunk/apptemp\" directory due to missing authorization checks.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T22:05:09.352Z", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2025-0301", }, ], source: { advisory: "SVD-2025-0301", }, title: "Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2025-20229", datePublished: "2025-03-26T22:05:09.352Z", dateReserved: "2024-10-10T19:15:13.236Z", dateUpdated: "2025-03-28T03:55:46.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36990
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2, 9.1 < 9.1.5, 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36990", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:22:35.192684Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T15:44:40.147Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.202", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.209", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST 
request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.2.2403.100, an authenticated, low-privileged user that does not hold the admin or power Splunk roles could send a specially crafted HTTP POST request to the datamodel/web REST endpoint in Splunk Enterprise, potentially causing a denial of service.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-835", description: "The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.950Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0710", }, { url: "https://research.splunk.com/application/45766810-dbb2-44d4-b889-b4ba3ee0d1f5", }, ], source: { advisory: "SVD-2024-0710", }, title: "Denial of Service (DoS) on the datamodel/web REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36990", datePublished: "2024-07-01T16:30:57.995Z", dateReserved: "2024-05-30T16:36:21.001Z", dateUpdated: "2025-02-28T11:03:44.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22932
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Tim Coen (foobar7)", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.", }, ], value: "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. 
It does not affect Splunk Enterprise versions below 9.0.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:57.639Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0202", }, { url: "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", }, ], source: { advisory: "SVD-2023-0202", }, title: "Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22932", datePublished: "2023-02-14T17:22:38.739Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:57.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36993
Vulnerability from cvelistv5
Published
2024-07-01 16:54
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2, 9.1 < 9.1.5, 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36993", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T14:26:09.747401Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T15:44:23.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in 
the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:40.785Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0713", }, { url: "https://research.splunk.com/application/fd852b27-1882-4505-9f2c-64dfb96f4fc1", }, ], source: { advisory: "SVD-2024-0713", }, title: "Persistent Cross-site Scripting (XSS) in Web Bulletin", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36993", datePublished: "2024-07-01T16:54:35.379Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:40.785Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22937
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13, 8.2 < 8.2.10, 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.428Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2209.3", status: "affected", version: "-", versionType: "custom", }, ], }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. 
Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:41.352Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0207", }, { url: "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", }, ], source: { advisory: "SVD-2023-0207", }, title: "Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22937", datePublished: "2023-02-14T17:24:45.588Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-02-28T11:03:41.352Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36986
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2, 9.1 < 9.1.5, 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36986", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T20:10:45.837210Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-03T13:53:42.646Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0706", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. 
The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:54.414Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0706", }, { url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], source: { advisory: "SVD-2024-0706", }, title: "Risky command safeguards bypass through Search ID query in Analytics Workspace", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36986", datePublished: "2024-07-01T16:30:42.325Z", dateReserved: "2024-05-30T16:36:21.000Z", dateUpdated: "2025-02-28T11:03:54.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22931
Vulnerability from cvelistv5
Published
2023-02-14 17:22
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.394Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "8.2.2203", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.", }, ], value: "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. 
This feature has been deprecated and disabled by default.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:46.340Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0201", }, { url: "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", }, ], source: { advisory: "SVD-2023-0201", }, title: "‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22931", datePublished: "2023-02-14T17:22:36.712Z", dateReserved: "2023-01-10T21:39:55.583Z", dateUpdated: "2025-02-28T11:03:46.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32716
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the ‘dump’ SPL command to cause a denial of service by crashing the Splunk daemon.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32716", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T21:02:39.459959Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T21:02:52.897Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} 
SPL command to cause a denial of service by crashing the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-754", description: "The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:45.371Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0611", }, { url: "https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6/", }, ], source: { advisory: "SVD-2023-0611", }, title: "Denial of Service via the 'dump' SPL command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32716", datePublished: "2023-06-01T16:34:29.168Z", dateReserved: "2023-05-11T20:55:59.872Z", dateUpdated: "2025-02-28T11:03:45.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36995
Vulnerability from cvelistv5
Published
2024-07-01 16:52
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36995", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T20:49:54.901075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T21:36:30.507Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "MrHack", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 
9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.127Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0715", }, { url: "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", }, ], source: { advisory: "SVD-2024-0715", }, title: "Low-privileged user could create experimental items", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36995", datePublished: "2024-07-01T16:52:57.700Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:55.127Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45732
Vulnerability from cvelistv5
Published
2024-10-14 17:03
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.1; 9.2 < 9.2.3
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.2.2403.103", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { status: "unaffected", version: "9.1.2312.110", }, { lessThan: "9.1.2308.208", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45732", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T16:30:27.363227Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T16:34:10.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.1", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.3", status: "affected", version: "9.2", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2403.103", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.110, 9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.208", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], 
datePublic: "2024-10-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a search as the \"nobody\" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.", }, ], value: "In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could run a search as the \"nobody\" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:50.807Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1002", }, { url: "https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f/", }, ], source: { advisory: "SVD-2024-1002", }, title: "Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: 
"CVE-2024-45732", datePublished: "2024-10-14T17:03:35.668Z", dateReserved: "2024-09-05T21:35:21.290Z", dateUpdated: "2025-02-28T11:03:50.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36994
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-36994", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-01T18:38:06.384849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-01T21:02:28.232Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.200", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized 
JavaScript code in the browser of a user.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:49.669Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0714", }, { url: "https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d", }, ], source: { advisory: "SVD-2024-0714", }, title: "Persistent Cross-site Scripting (XSS) in Dashboard Elements", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36994", datePublished: "2024-07-01T16:30:40.653Z", dateReserved: "2024-05-30T16:36:21.002Z", dateUpdated: "2025-02-28T11:03:49.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53244
Vulnerability from cvelistv5
Published
2024-12-10 18:01
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/en-US/app/search/report” endpoint through the “s” parameter. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.3 < 9.3.2; 9.2 < 9.2.4; 9.1 < 9.1.7
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53244", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:35.464246Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:13:39.636Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.3.2", status: "affected", version: "9.3", versionType: "custom", }, { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.2.2406.107", status: "affected", version: "9.2.2406", versionType: "custom", }, { lessThan: "9.2.2403.109", status: "affected", version: "9.2.2403", versionType: "custom", }, { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. 
The authenticated user should not be able to exploit the vulnerability at will.", }, ], value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:44.167Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1202", }, ], source: { advisory: "SVD-2024-1202", }, title: "Risky command safeguards bypass in “/en-US/app/search/report“ endpoint through “s“ parameter", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53244", datePublished: "2024-12-10T18:01:24.534Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:44.167Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29946
Vulnerability from cvelistv5
Published
2024-03-27 16:15
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.1; 9.1 < 9.1.4; 9.0 < 9.0.9
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.609Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0302", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "9.2.1", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.4", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.9", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "cloud", vendor: "splunk", versions: [ { lessThan: "9.1.2312.104", status: "affected", version: "0", versionType: "custom", }, { lessThan: "9.1.2308.205", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-29946", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:00:57.413620Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:38:11.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.1", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.4", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.9", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: 
"9.1.2312.104", status: "affected", version: "-", versionType: "custom", }, { lessThan: "9.1.2308.205", status: "affected", version: "-", versionType: "custom", }, ], }, ], datePublic: "2024-03-27T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.", }, ], value: "In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.", }, ], metrics: [ { cvssV3_1: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:53.749Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0302", }, { url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], source: { advisory: "SVD-2024-0302", }, title: "Risky command safeguards bypass in Dashboard Examples Hub", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-29946", 
datePublished: "2024-03-27T16:15:59.872Z", dateReserved: "2024-03-21T21:09:44.795Z", dateUpdated: "2025-02-28T11:03:53.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36982
Vulnerability from cvelistv5
Published
2024-07-01 16:31
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_enterprise", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36982", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T19:30:42.665566Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-02T19:47:20.337Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0702", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", 
versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "d0nahu3", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:48.458Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0702", }, ], source: { advisory: "SVD-2024-0702", }, title: "Denial of Service through null pointer reference in “cluster/config” REST endpoint", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36982", datePublished: "2024-07-01T16:31:04.078Z", dateReserved: "2024-05-30T16:36:20.999Z", dateUpdated: "2025-02-28T11:03:48.458Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }
cve-2024-36983
Vulnerability from cvelistv5
Published
2024-07-01 16:30
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.2; 9.1 < 9.1.5; 9.0 < 9.0.10
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", ], defaultStatus: "unknown", product: "splunk", vendor: "splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "splunk_cloud_platform", vendor: "splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-36983", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-02T20:10:58.843878Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:36:43.524Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:43:50.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { tags: [ "x_transferred", ], url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.2", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.5", status: "affected", version: "9.1", versionType: "custom", }, { lessThan: "9.0.10", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", 
vendor: "Splunk", versions: [ { lessThan: "9.1.2312.109", status: "affected", version: "9.1.2312", versionType: "custom", }, { lessThan: "9.1.2308.207", status: "affected", version: "9.1.2308", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Danylo Dmytriiev (DDV_UA)", }, ], datePublic: "2024-07-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance.", }, ], value: "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. 
From there, the user could execute arbitrary code on the Splunk platform Instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:59.649Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-0703", }, { url: "https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/", }, ], source: { advisory: "SVD-2024-0703", }, title: "Command Injection using External Lookups", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-36983", datePublished: "2024-07-01T16:30:41.779Z", dateReserved: "2024-05-30T16:36:20.999Z", dateUpdated: "2025-02-28T11:03:59.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37438
Vulnerability from cvelistv5
Published
2022-08-16 19:49
Modified
2024-09-17 01:46
Summary
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
References
URL | Tags
---|---
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html | x_refsource_CONFIRM
https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.0 < 9.0.1; 8.2 < 8.2.7.1; 8.1 < 8.1.11
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:29:21.035Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0.1", status: "affected", version: "9.0", versionType: "custom", }, { lessThan: "8.2.7.1", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "8.1.11", status: "affected", version: "8.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2205", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Eric LaMothe at Splunk", }, ], datePublic: "2022-08-16T00:00:00", descriptions: [ { lang: "en", value: "In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. 
The vulnerability requires user access to create and share dashboards using Splunk Web.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-17T20:02:14", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], source: { advisory: "SVD-2022-0802", defect: [ "SPL-221531", ], discovery: "INTERNAL", }, title: "Information disclosure via the dashboard drilldown in Splunk Enterprise", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-08-16T16:00:00.000Z", ID: "CVE-2022-37438", STATE: "PUBLIC", TITLE: "Information disclosure via the dashboard drilldown in Splunk Enterprise", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0.1", }, { version_affected: "<", version_name: "8.2", version_value: "8.2.7.1", }, { version_affected: "<", version_name: "8.1", version_value: "8.1.11", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_value: "9.0.2205", }, ], }, }, ], }, vendor_name: "Splunk", }, ], }, }, credit: [ { lang: "eng", value: "Eric LaMothe at Splunk", }, ], data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html", }, { name: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", refsource: "CONFIRM", url: "https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6", }, ], }, source: { advisory: "SVD-2022-0802", defect: [ "SPL-221531", ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-37438", datePublished: "2022-08-16T19:49:23.763068Z", dateReserved: "2022-08-05T00:00:00", dateUpdated: "2024-09-17T01:46:12.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-32152
Vulnerability from cvelistv5
Published
2022-06-15 16:46
Modified
2024-09-17 02:02
Summary
Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
References
URL | Tags
---|---
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation | x_refsource_CONFIRM
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | x_refsource_CONFIRM
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html | x_refsource_CONFIRM
https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/ | x_refsource_CONFIRM
https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/ | x_refsource_CONFIRM
https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/ | x_refsource_CONFIRM
https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/ | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.0 < 9.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T07:32:56.011Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.0", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "8.2.2203", status: "affected", version: "8.2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Chris Green at Splunk", }, ], datePublic: "2022-06-14T00:00:00", descriptions: [ { lang: "en", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. 
Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-15T16:46:29", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], source: { advisory: "SVD-2022-0602", discovery: "INTERNAL", }, title: "Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", DATE_PUBLIC: "2022-06-14T11:55:00.000Z", ID: "CVE-2022-32152", STATE: "PUBLIC", TITLE: "Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_affected: "<", version_name: "9.0", version_value: "9.0", }, ], }, }, { product_name: "Splunk Cloud Platform", version: { version_data: [ { version_affected: "<", version_name: "8.2", version_value: "8.2.2203", }, ], }, }, ], }, vendor_name: "Splunk", }, ], }, }, credit: [ { lang: "eng", value: "Chris Green at Splunk", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. 
For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-295 Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation", }, { name: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", refsource: "CONFIRM", url: "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", }, { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", refsource: "CONFIRM", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/", }, { name: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", refsource: "CONFIRM", url: "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/", }, { name: "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", refsource: "CONFIRM", url: 
"https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/", }, { name: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", refsource: "CONFIRM", url: "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/", }, ], }, source: { advisory: "SVD-2022-0602", discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-32152", datePublished: "2022-06-15T16:46:29.133423Z", dateReserved: "2022-05-31T00:00:00", dateUpdated: "2024-09-17T02:02:11.058Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-53245
Vulnerability from cvelistv5
Published
2024-12-10 18:00
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 9.2 < 9.2.4; 9.1 < 9.1.7
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-53245", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-10T20:39:39.289128Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-10T21:14:03.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "9.2.4", status: "affected", version: "9.2", versionType: "custom", }, { lessThan: "9.1.7", status: "affected", version: "9.1", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.1.2312.206", status: "affected", version: "9.1.2312", versionType: "custom", }, ], }, ], datePublic: "2024-12-10T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.", }, ], value: "In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.", }, ], metrics: [ { cvssV3_1: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { 
cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:55.614Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2024-1203", }, ], source: { advisory: "SVD-2024-1203", }, title: "Information Disclosure due to Username Collision with a Role that has the same Name as the User", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2024-53245", datePublished: "2024-12-10T18:00:33.254Z", dateReserved: "2024-11-19T18:30:28.773Z", dateUpdated: "2025-02-28T11:03:55.614Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32710
Vulnerability from cvelistv5
Published
2023-06-01 16:34
Modified
2025-02-28 11:03
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.14; 8.2 < 8.2.11; 9.0 < 9.0.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:25:36.729Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.14", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.11", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.5", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2303.100", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anton (therceman)", }, ], datePublic: "2023-06-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.", }, ], value: "In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "The product exposes sensitive information to an actor that is not explicitly 
authorized to have access to that information.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.327Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0609", }, ], source: { advisory: "SVD-2023-0609", }, title: "Information Disclosure via the ‘copyresults’ SPL Command", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-32710", datePublished: "2023-06-01T16:34:28.796Z", dateReserved: "2023-05-11T20:55:59.871Z", dateUpdated: "2025-02-28T11:03:51.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22938
Vulnerability from cvelistv5
Published
2023-02-14 17:24
Modified
2025-03-19 18:53
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
References
Impacted products
Vendor | Product | Version
---|---|---
Splunk | Splunk Enterprise | 8.1 < 8.1.13; 8.2 < 8.2.10; 9.0 < 9.0.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22938", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-19T18:52:55.146561Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-19T18:53:03.165Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { lessThan: "8.1.13", status: "affected", version: "8.1", versionType: "custom", }, { lessThan: "8.2.10", status: "affected", version: "8.2", versionType: "custom", }, { lessThan: "9.0.4", status: "affected", version: "9.0", versionType: "custom", }, ], }, { product: "Splunk Cloud Platform", vendor: "Splunk", versions: [ { lessThan: "9.0.2212", status: "affected", version: "-", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "James Ervin, Splunk", }, ], datePublic: "2023-02-14T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.", }, ], value: "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. 
The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.", }, ], metrics: [ { cvssV3_1: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", lang: "en", type: "cwe", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T11:03:51.816Z", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { url: "https://advisory.splunk.com/advisories/SVD-2023-0208", }, ], source: { advisory: "SVD-2023-0208", }, title: "Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise", }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2023-22938", datePublished: "2023-02-14T17:24:46.893Z", dateReserved: "2023-01-10T21:39:55.584Z", dateUpdated: "2025-03-19T18:53:03.165Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }