Low-privileged user could create experimental items
Advisory ID: SVD-2024-0715
CVE ID: CVE-2024-36995
Published: 2024-07-01
Last Update: 2024-07-01
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-862
Bug ID: VULN-15941
Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the “admin” or “power” Splunk roles could create experimental items.
Solution
Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.
Splunk is performing upgrades on Splunk Cloud Platform instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. In the meantime, Splunk is actively monitoring for potential issues that could arise from this vulnerability.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise | 9.2 | REST API | 9.2.0 to 9.2.1 | 9.2.2 |
| Splunk Enterprise | 9.1 | REST API | 9.1.0 to 9.1.4 | 9.1.5 |
| Splunk Enterprise | 9.0 | REST API | 9.0.0 to 9.0.9 | 9.0.10 |
| Splunk Cloud Platform | 9.1.2312 | REST API | Below 9.1.2312.200 | 9.1.2312.200 |
| Splunk Cloud Platform | 9.1.2308 | REST API | Below 9.1.2308.207 | 9.1.2308.207 |
Mitigations and Workarounds
None
Detections
Severity
Splunk rates this vulnerability as 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Acknowledgments
MrHack