CVE-2024-45737 – Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-45737
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). • https://advisory.splunk.com/advisories/SVD-2024-1007 https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-45732 – Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app
https://notcve.org/view.php?id=CVE-2024-45732
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. • https://advisory.splunk.com/advisories/SVD-2024-1002 https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f • CWE-862: Missing Authorization •
CVE-2024-45736 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2024-45736
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd). • https://advisory.splunk.com/advisories/SVD-2024-1006 https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-45741 – Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-45741
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2024-1011 https://research.splunk.com/application/d7b5aa71-157f-4359-9c34-e35752b1d0a2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36997 – Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint
https://notcve.org/view.php?id=CVE-2024-36997
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312, un usuario administrador podría almacenar y ejecutar código JavaScript arbitrario en el contexto del navegador de otro usuario de Splunk a través de conf-web/settings endpoint REST. Potencialmente, esto podría provocar un exploit de cross-site scripting (XSS) persistente. • https://advisory.splunk.com/advisories/SVD-2024-0717 https://research.splunk.com/application/ed1209ef-228d-4dab-9856-be9369925a5c • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •