PT-2024-2533 · Splunk · Splunk Enterprise
Published
2024-03-27
·
Updated
2024-10-15
·
CVE-2024-29946
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.2.1
Splunk Enterprise versions prior to 9.1.4
Splunk Enterprise versions prior to 9.0.9
Description
The issue is related to the lack of protections for risky SPL commands in the Dashboard Examples Hub. This could allow attackers to bypass SPL safeguards for risky commands in the Hub by tricking victims into initiating a request within their browser, potentially impacting the confidentiality and integrity of protected information.
Recommendations
For versions prior to 9.2.1, update to version 9.2.1 or later to resolve the issue.
For versions prior to 9.1.4, update to version 9.1.4 or later to resolve the issue.
For versions prior to 9.0.9, update to version 9.0.9 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Dashboard Examples Hub to minimize the risk of exploitation.
Fix
RCE
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Splunk Enterprise