All the vulnerabilites related to Chris Younger - Splunk Config Explorer
cve-2024-35291
Vulnerability from cvelistv5
Published
2024-05-27 04:39
Modified
2024-10-28 19:19
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Chris Younger | Splunk Config Explorer |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:35:48.576551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:19:54.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://splunkbase.splunk.com/app/4353"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN56781258/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Config Explorer",
"vendor": "Chris Younger ",
"versions": [
{
"status": "affected",
"version": "prior to 1.7.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-27T04:39:56.699Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://splunkbase.splunk.com/app/4353"
},
{
"url": "https://jvn.jp/en/jp/JVN56781258/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-35291",
"datePublished": "2024-05-27T04:39:56.699Z",
"dateReserved": "2024-05-15T08:15:33.551Z",
"dateUpdated": "2024-10-28T19:19:54.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2024-000051
Vulnerability from jvndb
Published
2024-05-24 13:50
Modified
2024-05-24 13:50
Severity ?
Summary
Splunk Config Explorer vulnerable to cross-site scripting
Details
Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability (CWE-79).
Taihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN56781258/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-35291 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Chris Younger | Splunk Config Explorer |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000051.html",
"dc:date": "2024-05-24T13:50+09:00",
"dcterms:issued": "2024-05-24T13:50+09:00",
"dcterms:modified": "2024-05-24T13:50+09:00",
"description": "Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability (CWE-79).\r\n\r\nTaihei Shimamine of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000051.html",
"sec:cpe": {
"#text": "cpe:/a:misc:chris_younger_splunk_config_explorer",
"@product": "Splunk Config Explorer",
"@vendor": "Chris Younger",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000051",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN56781258/index.html",
"@id": "JVN#56781258",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-35291",
"@id": "CVE-2024-35291",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Splunk Config Explorer vulnerable to cross-site scripting"
}