20761 matches found
CVE-2025-20322
CVE-2025-20322 affects Splunk Enterprise and Splunk Cloud Platform. An unauthenticated attacker can trigger a rolling restart of the Search Head Cluster via a crafted SPL search command exploited through CSRF, potentially causing DoS. The attack requires phishing a administrator-level user to ini...
CVE-2025-20323 Missing Access Control of Saved Searches in the Splunk Archiver app
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
CVE-2025-20321 Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster SHC...
CVE-2025-20321 Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster SHC...
CVE-2025-20321
The CVE-2025-20321 issue affects Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119. It is a Cross-Site Request Forgery (CSRF) vulnerability that can change the membership state of a Splunk Search...
CVE-2025-20323
CVE-2025-20323 affects Splunk Enterprise: versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10 are vulnerable. A low-privileged user (not admin/power) can turn off the scheduled search Bucket Copy Trigger in the Splunk Archiver app due to missing access controls in the saved searches. Root cause: insuf...
CVE-2025-20323 Missing Access Control of Saved Searches in the Splunk Archiver app
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
CVE-2025-20325 Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...
CVE-2025-20325
Summary: CVE-2025-20325 affects Splunk Enterprise <9.4.3, <9.3.5, <9.2.7, <9.1.10 and Splunk Cloud Platform <9.3.2411.103, <9.3.2408.113,
CVE-2025-20325 Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...
CVE-2025-20319 Remote Command Execution through Scripted Input Files in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.See Define...
CVE-2025-20319 Remote Command Execution through Scripted Input Files in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.See Define...
CVE-2025-20319
CVE-2025-20319 affects Splunk Enterprise prior to versions 9.4.3, 9.3.5, 9.2.7, and 9.1.10. The root cause is improper user input sanitization in scripted input files, exploitable by a user who has a role with the high‑privilege capabilities edit_scripted and list_inputs . This could enable remot...
CVE-2025-20319
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability editscripted and listinputs capability , could perform a remote command execution due to improper user input sanitization on the scripted input files. See Defin...
CVE-2025-20324
CVE-2025-20324 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user without admin/power roles can create or overwrite system source type configurations by sending a crafted payload to the REST endpoint at /servicesNS/nobody/search/admin/sourcetypes/ on the Splunk management ...
CVE-2025-20324 Improper Access Control in System Source Types Configuration in Splunk Enterprise
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite system source type configurations by...
CVE-2025-20324 Improper Access Control in System Source Types Configuration in Splunk Enterprise
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite system source type configurations by...
CVE-2025-20320 Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the User Interface - View...
CVE-2025-20320 Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the User Interface - View...
CVE-2025-20320
CVE-2025-20320 affects Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions prior to 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121. A low-privilege user who should not have admin or power roles can craft a malicious payload via the User Interface ...