CVE-2024-36987

Published: Jul 1, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.

Affected (4)

Products: Splunk: Cloud, Splunk

2 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Splunk Cloud	From 9.1.2312 to 9.1.2312.200
Splunk Splunk	From 9.0.0 to 9.0.10
Splunk Splunk	From 9.1.0 to 9.1.5
Splunk Splunk	From 9.2.0 to 9.2.2

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://advisory.splunk.com/advisories/SVD-2024-0707

Source: prodsec@splunk.com

Vendor Advisory

https://advisory.splunk.com/advisories/SVD-2024-0707

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.