PT-2026-60234 · Splunk · Splunk Cloud Platform+1
Publicado
2026-07-15
·
Atualizado
2026-07-15
·
CVE-2026-20297
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the
The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
edit local apps and install apps capabilities could cause a legitimate app installation to write files outside the intended app directory, into $SPLUNK HOME/etc/ and its subdirectories.The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Splunk Cloud Platform
Splunk Enterprise