In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
References
| Link | Resource |
|---|---|
| https://advisory.splunk.com/advisories/SVD-2024-0302 | Vendor Advisory |
| https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Apr 2024, 01:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. |
01 Apr 2024, 15:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://advisory.splunk.com/advisories/SVD-2024-0302 - Vendor Advisory | |
| References | () https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
| CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* | |
| First Time |
Splunk
Splunk splunk |
|
| CWE | CWE-77 |
27 Mar 2024, 17:48
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-27 17:15
Updated : 2024-10-15 18:35
NVD link : CVE-2024-29946
Mitre link : CVE-2024-29946
JSON object : View
Products Affected
splunk
- splunk
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')