In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-0707 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-07-01T16:30:36.235Z
Updated: 2024-12-10T18:01:29.584Z
Reserved: 2024-05-30T16:36:21.000Z
Link: CVE-2024-36987
Vulnrichment
Updated: 2024-08-02T03:43:50.677Z
NVD
Status : Modified
Published: 2024-07-01T17:15:07.120
Modified: 2024-11-21T09:22:58.897
Link: CVE-2024-36987
Redhat
No data.