CVE-2024-29946

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*

History

15 Oct 2024, 18:35

Type Values Removed Values Added
CWE CWE-1287

12 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-1287

10 Apr 2024, 01:15

Type Values Removed Values Added
Summary (en) In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. (en) In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.

01 Apr 2024, 15:39

Type Values Removed Values Added
Summary
  • (es) En las versiones de Splunk Enterprise inferiores a 9.2.1, 9.1.4 y 9.0.9, el Centro de ejemplos de paneles de la aplicación Splunk Dashboard Studio carece de protección para comandos SPL riesgosos. Esto podría permitir a los atacantes eludir las salvaguardas de SPL para comandos riesgosos en el Hub. La vulnerabilidad requeriría que el atacante realice phishing a la víctima engañándola para que inicie una solicitud dentro de su navegador.
CPE cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
First Time Splunk
Splunk splunk
References () https://advisory.splunk.com/advisories/SVD-2024-0302 - () https://advisory.splunk.com/advisories/SVD-2024-0302 - Vendor Advisory
References () https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ - () https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ - Vendor Advisory
CWE CWE-77

27 Mar 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-27 17:15

Updated : 2024-10-15 18:35


NVD link : CVE-2024-29946

Mitre link : CVE-2024-29946

CVE.ORG link : CVE-2024-29946


JSON object : View

Products Affected

splunk

  • splunk
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-20

Improper Input Validation