Splunk Security Vulnerabilities (CVEs)

This vulnerability allows authenticated users with access to Splunk's _internal index to view SAML configuration data in plain text within log files. ...

A low-privileged user without admin role can access Splunk Monitoring Console endpoints due to improper access control in vulnerable Splunk Enterprise...

This vulnerability allows users with access to Splunk's _internal index to view sensitive authentication secrets in plain text. Specifically, Duo Two-...

This vulnerability allows non-administrator users on Windows systems to access the Splunk Enterprise installation directory and all its contents after...

This vulnerability allows non-administrator users on Windows systems to access the Splunk Universal Forwarder installation directory and all its conte...

This vulnerability allows authenticated users with the 'change_authentication' capability to enumerate internal IP addresses and network ports when ad...

A low-privileged user without admin or power roles can craft a malicious payload in the label column field when adding a new device in the Splunk Secu...

This CVE describes an unvalidated redirect vulnerability in Splunk Enterprise and Cloud Platform where low-privileged authenticated users can create d...

This vulnerability allows low-privileged Splunk users who subscribe to mobile push notifications to receive notification titles and descriptions for r...

An unauthenticated attacker can inject ANSI escape codes into Splunk log files via the /en-US/static/ endpoint, allowing them to manipulate or obfusca...

This is a stored cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform. An authenticated user with admin_all_objects...

This vulnerability allows low-privileged Splunk users to bypass SPL safeguards for risky commands by exploiting character encoding in REST API paths. ...

This vulnerability allows unauthenticated attackers to craft malicious URLs that exploit an unvalidated redirect in Splunk Web's login endpoint. When ...

This vulnerability allows authenticated Splunk users with the 'change_authentication' capability to send multiple LDAP bind requests to a specific int...

This vulnerability allows unauthenticated attackers to perform blind server-side request forgery (SSRF) against vulnerable Splunk deployments, potenti...

A low-privileged user in Splunk Enterprise or Splunk Cloud Platform can access sensitive search results by guessing the unique Search ID (SID) of admi...

This is a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform that allows low-privileged users to inject malicious...

This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can inject mal...

This CSRF vulnerability in Splunk Enterprise and Cloud Platform allows unauthenticated attackers to trigger rolling restarts in Search Head Clusters b...

This vulnerability allows low-privileged Splunk users without admin or power roles to create or overwrite system source type configurations via a craf...

In affected Splunk Enterprise and Cloud Platform versions, a low-privileged user with read-only access to a specific alert can suppress that alert whe...

A path traversal vulnerability in Splunk Enterprise and Cloud Platform allows low-privileged users to delete arbitrary files via a malicious payload o...

This vulnerability allows non-administrator users on Windows systems to access the Splunk Universal Forwarder installation directory and all its conte...

This CVE allows low-privileged Splunk users without admin or power roles to edit and delete other users' data in App Key Value Store (KVStore) collect...

This vulnerability allows low-privileged Splunk users to run searches with higher-privileged user permissions through a phishing attack, potentially e...

This CVE describes a privilege escalation vulnerability in Splunk Enterprise and Cloud Platform where low-privileged users can bypass SPL safeguards f...

This vulnerability allows low-privileged Splunk users to bypass SPL safeguards for risky commands by tricking higher-privileged users into executing m...

A Cross-Site Request Forgery (CSRF) vulnerability in Splunk Enterprise and Splunk Cloud Platform allows low-privileged users without admin or power ro...

This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitrary code on the server by uploading files to a spe...

This vulnerability allows low-privileged Splunk users to bypass command safeguards by tricking higher-privileged users into executing saved searches c...

This CVE describes an information disclosure vulnerability in Splunk Enterprise and Splunk Cloud Platform where SPL commands can potentially expose se...

This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can create mal...

This vulnerability allows low-privileged users without admin or power roles to view App Key Value Store (KV Store) deployment configuration and public...

This CSRF vulnerability allows low-privileged Splunk users without admin or power roles to change the maintenance mode state of the App Key Value Stor...

Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 may log plaintext passwords for local native authentication users when the AdminManager log c...

This vulnerability allows low-privileged Splunk users without admin or power roles to write files to the Windows system root directory (typically Syst...

In Splunk Enterprise for Windows, low-privileged users without admin or power roles can achieve remote code execution due to insecure session storage....

This vulnerability allows an admin user in Splunk Enterprise and Splunk Cloud Platform to store and execute arbitrary JavaScript code in other users' ...

This CVE describes a cross-site scripting (XSS) vulnerability in Splunk Enterprise and Splunk Cloud Platform where low-privileged users can inject mal...

This CVE allows low-privileged users without admin or power roles to create experimental items in Splunk Enterprise and Splunk Cloud Platform. This vi...

This vulnerability allows authenticated low-privileged users in Splunk Enterprise and Splunk Cloud Platform to upload files with arbitrary extensions ...

This CVE allows low-privileged users without admin or power roles to create notifications in Splunk Web Bulletin Messages that are broadcast to all us...

This vulnerability allows attackers to perform path traversal attacks on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This could ...

This vulnerability allows authenticated users in Splunk Enterprise and Cloud Platform to create external lookups that call legacy internal functions, ...

This vulnerability allows low-privileged Splunk users without admin or power roles to execute arbitrary code through external lookups referencing the ...

Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9 may expose authentication tokens during validation when debug logging is enabled. This allows...

Splunk Add-on Builder versions below 4.1.4 write sensitive information like credentials and API keys to internal log files. This vulnerability allows ...

This vulnerability in Splunk Enterprise for Windows allows unsafe deserialization of untrusted data from separate disk partitions due to improper path...

This vulnerability allows remote code execution on Splunk Enterprise instances by uploading malicious XSLT files. Attackers can execute arbitrary code...

This vulnerability in Splunk Enterprise allows attackers to execute arbitrary code by crafting malicious queries that exploit insecure deserialization...