Kyle Bambrick

**Name of the Vulnerable Software and Affected Versions** Splunk App for Lookup File Editing versions prior to 4.0.5 **Description** The issue is related to improper access control due to overly broad read and execute permissions. A script in the app used the `chmod` and `makedirs` Python functions in a way that could lead to improper access control for a low-privileged user. **Recommendations** For versions prior to 4.0.5, update to version 4.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Splunk Supporting Add-on for Active Directory versions 3.1.0 and earlier **Description** A vulnerable regular expression pattern in the Splunk Supporting Add-on for Active Directory could lead to a Regular Expression Denial of Service (ReDoS) attack. **Recommendations** For versions 3.1.0 and earlier, consider updating to a version that fixes the vulnerable regular expression pattern to prevent ReDoS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.200 Description: The issue is related to the Upload Data module in the Splunk Web interface of Splunk Enterprise, which allows an authenticated, low-privileged user to upload a file with an arbitrary extension using the "indexing/preview" REST endpoint. This could enable a remote attacker to write arbitrary files. Recommendations: For Splunk Enterprise versions prior to 9.2.2, update to version 9.2.2 or later. For Splunk Enterprise versions prior to 9.1.5, update to version 9.1.5 or later. For Splunk Enterprise versions prior to 9.0.10, update to version 9.0.10 or later. For Splunk Cloud Platform versions prior to 9.1.2312.200, update to version 9.1.2312.200 or later. As a temporary workaround, consider restricting access to the "indexing/preview" REST endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Splunk Enterprise versions prior to 8.1.7 **Description** The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. This issue impacts instances when configured to repress verbose login errors. **Recommendations** For versions prior to 8.1.7, update to version 8.1.7 or later to resolve the issue. As a temporary workaround, consider configuring the instance to display verbose login errors to prevent username enumeration.