Authenticated User Could Run Risky Commands Using Higher-Privileged User's Permissions to Bypass SPL Safeguards in Analytics Workspace
CVE-2024-36986

6.3MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 1 July 2024

Summary

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Affected Version(s)

Splunk Cloud Platform 9.1.2312 < 9.1.2312.200

Splunk Cloud Platform 9.1.2308 < 9.1.2308.207

Splunk Enterprise 9.2 < 9.2.2

References

https://advisory.splunk.com/advisories/SVD-2024-0706

https://research.splunk.com/application/1cf58ae1-9177-40b...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 1, 2024
Vulnerability Reserved
May 30, 2024

Credit

Anton (therceman)