Description

In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.

Related CPE's

a

splunk

splunk

2

a

splunk

splunk_cloud_platform

2

References

https://advisory.splunk.com/advisories/SVD-2024-1011

Vendor Advisory

https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2/

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-10-14T15:15:13.250Z

1 year ago

Last modified

2024-10-17T11:12:54.180Z

1 year ago