CVE-2024-36987
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | 9.2 < 9.2.2 | affected |
| Splunk | Splunk Enterprise | 9.1 < 9.1.5 | affected |
| Splunk | Splunk Enterprise | 9.0 < 9.0.10 | affected |
| Splunk | Splunk Cloud Platform | 9.1.2312 < 9.1.2312.200 | affected |
Weaknesses
- CWE-434: The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.