Vulnerabilities > Splunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-36995 | Missing Authorization vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items. | 3.5 |
| 2024-07-01 | CVE-2024-36996 | Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. | 5.3 |
| 2024-03-27 | CVE-2024-29945 | Information Exposure Through Log Files vulnerability in Splunk In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. | 7.2 |
| 2024-03-27 | CVE-2024-29946 | Command Injection vulnerability in Splunk In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. | 8.1 |
| 2024-01-30 | CVE-2023-46230 | Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2 In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | 4.9 |
| 2024-01-30 | CVE-2023-46231 | Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2 In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | 7.2 |
| 2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |
| 2024-01-22 | CVE-2024-23676 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. | 3.5 |
| 2024-01-22 | CVE-2024-23677 | Information Exposure Through Log Files vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file. | 5.3 |
| 2024-01-22 | CVE-2024-23678 | Unspecified vulnerability in Splunk In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. | 8.8 |