cve-2024-36997
Vulnerability from cvelistv5
Published
2024-07-01 16:57
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud Platform |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "splunk",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.2.2",
"status": "affected",
"version": "9.2",
"versionType": "custom"
},
{
"lessThan": "9.1.5",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "splunk_cloud_platform",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.1.2312.100",
"status": "affected",
"version": "9.1.2312",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:17:17.349360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:32:06.701Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2024-0717"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.2.2",
"status": "affected",
"version": "9.2",
"versionType": "custom"
},
{
"lessThan": "9.1.5",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.0.10",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud Platform",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.1.2312.100",
"status": "affected",
"version": "9.1.2312",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ST\u00d6K / Fredrik Alexandersson"
}
],
"datePublic": "2024-07-01T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."
}
],
"value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:11.331Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0717"
},
{
"url": "https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c"
}
],
"source": {
"advisory": "SVD-2024-0717"
},
"title": "Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2024-36997",
"datePublished": "2024-07-01T16:57:47.904Z",
"dateReserved": "2024-05-30T16:36:21.002Z",
"dateUpdated": "2024-10-30T15:06:11.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-36997\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2024-07-01T17:15:09.143\",\"lastModified\":\"2024-10-15T18:35:14.063\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador podr\u00eda almacenar y ejecutar c\u00f3digo JavaScript arbitrario en el contexto del navegador de otro usuario de Splunk a trav\u00e9s de conf-web/settings endpoint REST. Potencialmente, esto podr\u00eda provocar un exploit de cross-site scripting (XSS) persistente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.7,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"https://advisory.splunk.com/advisories/SVD-2024-0717\",\"source\":\"prodsec@splunk.com\"},{\"url\":\"https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c\",\"source\":\"prodsec@splunk.com\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.