Low-privileged user could create experimental items

Advisory ID: SVD-2024-0715

CVE ID: CVE-2024-36995

Published: 2024-07-01

Last Update: 2024-07-01

CVSSv3.1 Score: 4.3, Medium

CWE: CWE-862

Bug ID: VULN-15941


In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create experimental items.


Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.

Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise9.2REST API9.2.0 to
Splunk Enterprise9.1REST API9.1.0 to
Splunk Enterprise9.0REST API9.0.0 to
Splunk Cloud Platform9.1.2312REST APIBelow 9.1.2312.2009.1.2312.200
Splunk Cloud Platform9.1.2308REST APIBelow 9.1.2308.2079.1.2308.207

Mitigations and Workarounds




Splunk rates this vulnerability as 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.