In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
History

Tue, 15 Oct 2024 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1287

Mon, 14 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Splunk cloud
CPEs cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*
Vendors & Products Splunk cloud
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 Aug 2024 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1287

cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-03-27T16:15:59.872Z

Updated: 2024-12-10T18:00:17.103Z

Reserved: 2024-03-21T21:09:44.795Z

Link: CVE-2024-29946

cve-icon Vulnrichment

Updated: 2024-08-02T01:17:58.609Z

cve-icon NVD

Status : Modified

Published: 2024-03-27T17:15:54.273

Modified: 2024-11-21T09:08:40.463

Link: CVE-2024-29946

cve-icon Redhat

No data.