PT-2024-7166 · Splunk · Splunk Cloud Platform, Splunk Enterprise, Splunk Web

Author: Danylo Dmytriiev (+1)

Published: 2024-10-14 · Updated: 2024-10-17

CVE-2024-45741

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.3 and 9.1.6; Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205.

Description: A low-privileged user without the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the api.uri parameter of the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user, potentially leading to cross-site scripting (XSS) attacks.

Recommendations: For Splunk Enterprise versions prior to 9.2.3 and 9.1.6, update to version 9.2.3 or 9.1.6 or later. For Splunk Cloud Platform versions prior to 9.2.2403.108 and 9.1.2312.205, update to version 9.2.2403.108 or 9.1.2312.205 or later. As a temporary workaround, consider restricting access to the "/manager/search/apps/local" endpoint in Splunk Web to minimize the risk of exploitation. Avoid using the api.uri parameter in the affected endpoint until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-08503
CVE-2024-45741

Affected Products

Splunk Cloud Platform
Splunk Enterprise
Splunk Web