CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36987 – Insecure File Upload in the indexing/preview REST endpoint
https://notcve.org/view.php?id=CVE-2024-36987
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario autenticado y con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podría cargar un archivo con una extensión arbitraria utilizando el endpoint REST de indexación/vista previa. • https://advisory.splunk.com/advisories/SVD-2024-0707 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29945 – Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2024-29945
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el software potencialmente expone tokens de autenticación durante el proceso de validación del token. Esta exposición ocurre cuando Splunk Enterprise se ejecuta en modo de depuración o el componente JsonWebToken se ha configurado para registrar su actividad en el nivel de registro DEBUG. • https://advisory.splunk.com/advisories/SVD-2024-0301 https://research.splunk.com/application/9a67e749-d291-40dd-8376-d422e7ecf8b5 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29946 – Risky command safeguards bypass in Dashboard Examples Hub
https://notcve.org/view.php?id=CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el Centro de ejemplos de paneles de la aplicación Splunk Dashboard Studio carece de protección para comandos SPL riesgosos. Esto podría permitir a los atacantes eludir las salvaguardas de SPL para comandos riesgosos en el Hub. • https://advisory.splunk.com/advisories/SVD-2024-0302 https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46230 – Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46230
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe información confidencial en archivos de registro internos. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46231 – Session Token Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46231
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe tokens de sesión de usuario en sus archivos de registro internos cuando visita Splunk Add-on Builder o cuando crea o edita una aplicación o complemento personalizado. • https://advisory.splunk.com/advisories/SVD-2024-0110 • CWE-532: Insertion of Sensitive Information into Log File •