
CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin

2024-07-01 16:54:35
Splunk
github.com
Tags: splunk enterprise, splunk cloud platform, xss, web bulletin, javascript, browser, security vulnerability

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 7.3 High (Confidence: Low)

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user who does not hold the admin or power Splunk roles could craft a malicious payload through Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.

CNA Affected

[
  {
    "vendor": "Splunk",
    "product": "Splunk Enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "9.2",
        "lessThan": "9.2.2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.1",
        "lessThan": "9.1.5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.0",
        "lessThan": "9.0.10",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Splunk",
    "product": "Splunk Cloud Platform",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.2312",
        "lessThan": "9.1.2312.200",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "9.1.2308",
        "lessThan": "9.1.2308.207",
        "versionType": "custom"
      }
    ]
  }
]
