Описание
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
Ссылки
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
Уязвимость веб-интерфейса Splunk Web платформы для операционного анализа Splunk Enterprise, позволяющая нарушителю провести межсайтовые сценарные атаки (XSS)
EPSS
5.4 Medium
CVSS3