CVE-2024-36986
Risky command safeguards bypass through Search ID query in Analytics Workspace
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario autenticado podría ejecutar comandos riesgosos utilizando los permisos de un usuario con mayores privilegios para evitar SPL. salvaguardias para comandos riesgosos en Analytics Workspace. La vulnerabilidad requiere que el usuario autenticado realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador. El usuario autenticado no debería poder explotar la vulnerabilidad a voluntad.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-30 CVE Reserved
- 2024-07-01 CVE Published
- 2024-08-03 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://advisory.splunk.com/advisories/SVD-2024-0706 | ||
https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.2.0 < 9.2.2 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.2.0 < 9.2.2" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.1.0 < 9.1.5 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.1.0 < 9.1.5" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise" | >= 9.0.0 < 9.0.10 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.0.0 < 9.0.10" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Cloud Platform Search vendor "Splunk" for product "Splunk Cloud Platform" | >= 9.1.2312.0 < 9.1.2312.200 Search vendor "Splunk" for product "Splunk Cloud Platform" and version " >= 9.1.2312.0 < 9.1.2312.200" | en |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Cloud Platform Search vendor "Splunk" for product "Splunk Cloud Platform" | >= 9.1.2308.0 < 9.1.2308.207 Search vendor "Splunk" for product "Splunk Cloud Platform" and version " >= 9.1.2308.0 < 9.1.2308.207" | en |
Affected
|