📦 Splunk
by Splunk
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows an attacker who compromises a Universal Forwarder endpoint to deploy malicious forwarder bundles to all other Universal Forwarder endpoints subscribed to the same deployment ...
This vulnerability allows non-administrator users on Windows systems to access the Splunk Enterprise installation directory and all its contents after a new installation or upgrade. This affects Splun...
This vulnerability allows non-administrator users on Windows systems to access the Splunk Universal Forwarder installation directory and all its contents after new installation or upgrade. This affect...
This vulnerability allows unauthenticated attackers to perform blind server-side request forgery (SSRF) against vulnerable Splunk deployments, potentially enabling them to make REST API calls with the...
This vulnerability allows low-privileged Splunk users to run searches with higher-privileged user permissions through a phishing attack, potentially exposing sensitive data. It affects Splunk Enterpri...
This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitrary code on the server by uploading files to a specific directory. It affects Splunk Enterprise vers...
This vulnerability allows low-privileged Splunk users without admin or power roles to write files to the Windows system root directory (typically System32) when Splunk Enterprise is installed on a sep...
In Splunk Enterprise for Windows, low-privileged users without admin or power roles can achieve remote code execution due to insecure session storage. This affects Windows installations of Splunk Ente...
This vulnerability allows an admin user in Splunk Enterprise and Splunk Cloud Platform to store and execute arbitrary JavaScript code in other users' browsers through the conf-web/settings REST endpoi...
This CVE allows low-privileged users without admin or power roles to create notifications in Splunk Web Bulletin Messages that are broadcast to all users on the instance. It affects Splunk Enterprise ...
This vulnerability allows attackers to perform path traversal attacks on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This could enable unauthorized access to files outside the in...
This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitrary code through external lookups referencing the splunk_archiver application. It affects Splunk Ent...
This vulnerability allows authenticated users in Splunk Enterprise and Cloud Platform to create external lookups that call legacy internal functions, enabling them to insert and execute arbitrary code...
Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9 may expose authentication tokens during validation when debug logging is enabled. This allows attackers to capture valid tokens and potentially...
This vulnerability in Splunk Enterprise for Windows allows unsafe deserialization of untrusted data from separate disk partitions due to improper path input sanitization. Attackers could potentially e...
This vulnerability allows remote code execution on Splunk Enterprise instances by uploading malicious XSLT files. Attackers can execute arbitrary code on the server, potentially compromising the entir...
This vulnerability in Splunk Enterprise allows attackers to execute arbitrary code by crafting malicious queries that exploit insecure deserialization. It affects Splunk Enterprise versions before 8.2...
This vulnerability allows attackers to exploit absolute path traversal in Splunk Enterprise to execute arbitrary code from separate disks. It affects Splunk Enterprise versions below 8.2.12, 9.0.6, an...
This CVE describes a reflected cross-site scripting (XSS) vulnerability in Splunk Enterprise's /app/search/table endpoint. Attackers can craft malicious web requests to execute arbitrary commands on v...
This vulnerability allows unauthenticated attackers to send specially-crafted XML messages to Splunk's SAML authentication parser, causing a denial of service that crashes the Splunk daemon. It affect...
This CVE describes an HTTP response splitting vulnerability in Splunk's 'rest' SPL command that allows low-privileged users to potentially access arbitrary REST endpoints. Affected systems include Spl...
CVE-2023-32714 is a path traversal vulnerability in Splunk App for Lookup File Editing that allows low-privileged users to read and write files in restricted directories of the Splunk installation. Th...
This vulnerability allows attackers to inject ANSI escape codes into Splunk log files, which could lead to code execution in vulnerable terminal applications when users read these logs. It affects Spl...
This vulnerability allows attackers to inject malicious scripts into Splunk Web views through Base64-encoded image error messages. When exploited, it enables cross-site scripting attacks that can stea...
This vulnerability allows authenticated Splunk users to bypass SPL safeguards for risky commands by crafting a saved search job that uses the 'pivot' command. When a higher-privileged user initiates t...
This vulnerability in Splunk Enterprise allows higher-privileged users to bypass SPL safeguards for risky commands via the 'map' search command. It affects Splunk Enterprise instances with Splunk Web ...
Splunk Enterprise and Universal Forwarder versions before 9.0 do not validate TLS certificates by default when the CLI connects to remote Splunk instances. This allows machine-in-the-middle attackers ...
Splunk Universal Forwarder versions before 9.0 have remote management services enabled by default, exposing management ports to network access. This configuration issue could allow unauthorized remote...
Splunk Enterprise and Splunk Cloud Platform versions before 9.0 and 8.2.2203 respectively did not validate TLS certificates during Splunk-to-Splunk communications by default. This allows attackers wit...
This vulnerability allows attackers to bypass DUO multi-factor authentication in Splunk Enterprise, enabling unauthorized access to protected Splunk instances. It affects Splunk Enterprise versions be...
This vulnerability allows a local Windows user with lower privileges to escalate to the Splunk user account through a path misconfiguration. It affects Splunk Enterprise versions before 8.1.1 running ...
This path traversal vulnerability in Splunk Enterprise allows attackers to inject arbitrary content into web pages or bypass SPL command safeguards. It affects Splunk Enterprise versions before 8.1.2 ...
A lack of validation in the Splunk-to-Splunk protocol allows attackers to cause denial-of-service in vulnerable Splunk Enterprise instances. This affects Splunk Enterprise versions before 7.3.9, 8.0.9...
This vulnerability allows authenticated users with access to Splunk's _internal index to view SAML configuration data in plain text within log files. This affects Splunk Enterprise and Splunk Cloud Pl...
A low-privileged user without admin role can access Splunk Monitoring Console endpoints due to improper access control in vulnerable Splunk Enterprise versions. This leads to sensitive information dis...
This vulnerability allows users with access to Splunk's _internal index to view sensitive authentication secrets in plain text. Specifically, Duo Two-Factor Authentication integration keys, secret key...
A low-privileged user without admin or power roles can craft a malicious payload in the label column field when adding a new device in the Splunk Secure Gateway app, potentially causing client-side de...
This vulnerability allows low-privileged Splunk users who subscribe to mobile push notifications to receive notification titles and descriptions for reports or alerts they don't have permission to vie...
An unauthenticated attacker can inject ANSI escape codes into Splunk log files via the /en-US/static/ endpoint, allowing them to manipulate or obfuscate log data. This affects Splunk Enterprise versio...
This vulnerability allows authenticated Splunk users with the 'change_authentication' capability to send multiple LDAP bind requests to a specific internal endpoint, causing high CPU usage that can le...
A low-privileged user in Splunk Enterprise or Splunk Cloud Platform can access sensitive search results by guessing the unique Search ID (SID) of administrative background search jobs. This affects us...
This is a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform that allows low-privileged users to inject malicious JavaScript through the dataset.command parameter....
This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can inject malicious JavaScript through saved search error messa...
This CSRF vulnerability in Splunk Enterprise and Cloud Platform allows unauthenticated attackers to trigger rolling restarts in Search Head Clusters by tricking administrators into executing malicious...
This vulnerability allows low-privileged Splunk users without admin or power roles to create or overwrite system source type configurations via a crafted REST API request. It affects Splunk Enterprise...
In affected Splunk Enterprise and Cloud Platform versions, a low-privileged user with read-only access to a specific alert can suppress that alert when it triggers. This allows users without admin or ...
A path traversal vulnerability in Splunk Enterprise and Cloud Platform allows low-privileged users to delete arbitrary files via a malicious payload on the User Interface - Views configuration page, p...
This CVE allows low-privileged Splunk users without admin or power roles to edit and delete other users' data in App Key Value Store (KVStore) collections created by the Splunk Secure Gateway app. The...
This CVE describes a privilege escalation vulnerability in Splunk Enterprise and Cloud Platform where low-privileged users can bypass SPL safeguards for risky commands. Attackers can trick authenticat...
A Cross-Site Request Forgery (CSRF) vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users without admin or power roles to change the maintenance mode state of App Ke...
This vulnerability allows low-privileged Splunk users to bypass SPL safeguards for risky commands by tricking higher-privileged users into executing malicious saved searches. It affects Splunk Enterpr...
This CVE describes an information disclosure vulnerability in Splunk Enterprise and Splunk Cloud Platform where SPL commands can potentially expose sensitive data. The vulnerability requires chaining ...
This vulnerability allows low-privileged Splunk users to bypass command safeguards by tricking higher-privileged users into executing saved searches containing risky commands. It affects Splunk Enterp...
This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can create malicious configuration files that execute unauthoriz...
This vulnerability allows low-privileged users without admin or power roles to view App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App. Th...
This CSRF vulnerability allows low-privileged Splunk users without admin or power roles to change the maintenance mode state of the App Key Value Store (KVStore). Attackers could trick authenticated u...
Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 may log plaintext passwords for local native authentication users when the AdminManager log channel is set to DEBUG level. This affects organiz...
This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can inject malicious JavaScript through Bulletin Messages. The i...
This CVE allows low-privileged users without admin or power roles to create experimental items in Splunk Enterprise and Splunk Cloud Platform. This violates intended access controls and could enable u...
This vulnerability allows authenticated low-privileged users in Splunk Enterprise and Splunk Cloud Platform to upload files with arbitrary extensions via the indexing/preview REST endpoint. This could...
This vulnerability allows authenticated users with the 'change_authentication' capability to enumerate internal IP addresses and network ports when adding search peers in Splunk distributed environmen...
This CVE describes an unvalidated redirect vulnerability in Splunk Enterprise and Cloud Platform where low-privileged authenticated users can create dashboard views with custom backgrounds using base6...
This is a stored cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform. An authenticated user with admin_all_objects privilege can inject malicious JavaScript into na...
This vulnerability allows low-privileged Splunk users to bypass SPL safeguards for risky commands by exploiting character encoding in REST API paths. Attackers could execute saved searches with elevat...
This vulnerability allows unauthenticated attackers to craft malicious URLs that exploit an unvalidated redirect in Splunk Web's login endpoint. When authenticated users click these links, they can be...