CVE-2025-20233

Опубликовано: 26 мар. 2025

Источник: nvd

CVSS3: 2.5

CVSS3: 3.3

EPSS Низкий

Описание

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.

Ссылки

https://advisory.splunk.com/advisories/SVD-2025-0310
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:splunk:splunk_app_for_lookup_file_editing:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.0.5 (исключая)

EPSS

Процентиль: 3%

0.00016

Низкий

2.5 Low

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-x67m-xw25-vpg2

CVSS3: 2.5

github

11 месяцев назад

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.

EPSS

Процентиль: 3%

0.00016

Низкий

2.5 Low

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-732