3 advisories tracked · Splunk (prodsec@splunk.com CNA) via NVD · checked automatically every minute
Pick your product and enter the exact software release it runs. We match it against the affected/fixed versions in Splunk's recent advisories.
Splunk (prodsec@splunk.com CNA) via NVD
Splunk is its own CVE Numbering Authority. VulniPulse ingests Splunk's CVEs from the NVD CNA feed (prodsec@splunk.com), each linking to its SVD-YYYY-NNNN advisory on advisory.splunk.com. Covers Splunk Enterprise, Splunk Cloud Platform, the Universal Forwarder, IT Service Intelligence (ITSI), SOAR, Enterprise Security and Splunk apps/add-ons — the SIEM at the centre of most SOCs, so a security-team audience that patches on advisory day.
Visit Splunk security advisoriesIn Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.