Lucene search
K

20788 matches found

OSV
OSV
added 2025/03/26 10:15 p.m.4 views

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

5.7CVSS5.8AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.21 views

CVE-2025-20232

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

5.7CVSS0.00435EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.16 views

CVE-2025-20231

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a...

7.1CVSS0.00479EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.14 views

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

3.3CVSS0.00111EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.3 views

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.2 views

CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store KVStore through a...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.2 views

CVE-2025-20227

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content...

4.3CVSS5.8AI score0.00386EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.13 views

CVE-2025-20226

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7CVSS0.00434EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.10 views

CVE-2025-20228

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store KVStore through a...

6.5CVSS0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.2 views

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE through a file...

8CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2025/03/26 10:15 p.m.3 views

CVE-2025-20226

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permission...

5.7CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/26 10:15 p.m.2 views

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE through a file...

8CVSS7.5AI score0.13987EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2025/03/26 10:15 p.m.11 views

CVE-2025-20229

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution RCE through a file...

8CVSS0.13987EPSS
Exploits0References1
NVD
NVD
added 2025/03/26 10:15 p.m.14 views

CVE-2025-20227

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content...

4.3CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 10:6 p.m.34 views

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

2.5CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/26 10:6 p.m.7 views

CVE-2025-20233 Incorrect permissions set by the “chmod“ and “makedirs“ Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

2.5CVSS3.9AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 10:6 p.m.72 views

CVE-2025-20233

CVE-2025-20233 concerns the Splunk App for Lookup File Editing (pre-4.0.5). A script uses Python’s chmod and makedirs in a way that yields overly broad read and execute permissions, causing improper access control for a low-privileged user. The provided documents do not specify a remediation. Mon...

3.3CVSS7.2AI score0.00111EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/03/26 10:6 p.m.95 views

CVE-2025-20232

CVE-2025-20232 affects Splunk Enterprise (versions prior to 9.3.3, 9.2.5, 9.1.8) and Splunk Cloud Platform (prior to 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208, 9.1.2308.212). A low-privileged user without admin/power roles can abuse the /app/search/search endpoint via the s parameter...

5.7CVSS7.2AI score0.00435EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2025/03/26 10:6 p.m.4 views

CVE-2025-20232 Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

5.7CVSS5.7AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/26 10:6 p.m.27 views

CVE-2025-20232 Risky Command Safeguards Bypass in “/app/search/search“ endpoint through “s“ parameter in Splunk Enterprise

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command...

5.7CVSS0.00435EPSS
Exploits0References1
Rows per page
Query Builder