CVE-2024-36992 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36992
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podría crear un payload malicioso a través de una Vista que podría resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario.bEl parámetro "url" del elemento Panel no tiene una validación de entrada adecuada para rechazar URL no válidas, lo que podría provocar un exploit de Cross-Site Scripting (XSS). • https://advisory.splunk.com/advisories/SVD-2024-0712 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-36986 – Risky command safeguards bypass through Search ID query in Analytics Workspace
https://notcve.org/view.php?id=CVE-2024-36986
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario autenticado podría ejecutar comandos riesgosos utilizando los permisos de un usuario con mayores privilegios para evitar SPL. salvaguardias para comandos riesgosos en Analytics Workspace. La vulnerabilidad requiere que el usuario autenticado realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. • https://advisory.splunk.com/advisories/SVD-2024-0706 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-36983 – Command Injection using External Lookups
https://notcve.org/view.php?id=CVE-2024-36983
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an authenticated user could create an external lookup that calls a legacy internal function. The authenticated user could use this internal function to insert code into the Splunk platform installation directory. From there, the user could execute arbitrary code on the Splunk platform Instance. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.109 y 9.1.2308.207, un usuario autenticado podría crear una búsqueda externa que llame a una función interna heredada. El usuario autenticado podría utilizar esta función interna para insertar código en el directorio de instalación de la plataforma Splunk. • https://advisory.splunk.com/advisories/SVD-2024-0703 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-36994 – Persistent Cross-site Scripting (XSS) in Dashboard Elements
https://notcve.org/view.php?id=CVE-2024-36994
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría crear un payload malicioso a través de una vista y mensajes de boletines web de Splunk que podrían resultar en la ejecución de código JavaScript no autorizado en el navegador de un usuario. • https://advisory.splunk.com/advisories/SVD-2024-0714 https://research.splunk.com/application/b0a67520-ae82-4cf6-b04e-9f6cce56830d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •