Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard
CVE-2024-45734

4.3MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise
Vendor: CVE Published:; 14 October 2024

Summary

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.

Affected Version(s)

Splunk Enterprise 9.2 < 9.2.3

Splunk Enterprise 9.1 < 9.1.6

References

https://advisory.splunk.com/advisories/SVD-2024-1004

https://research.splunk.com/application/7464e2dc-98a5-4af...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2024

Credit

Anton (therceman)