In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
8.1CVSS
7.9AI Score
0.001EPSS
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the userβs machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attack...
6.1CVSS
6.2AI Score
0.0005EPSS