Vulnerability Description
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Cloud | >= 9.1.2308, < 9.1.2308.207 |
| Splunk | Splunk | >= 9.0.0, < 9.0.10 |
Related Weaknesses (CWE)
References
- https://advisory.splunk.com/advisories/SVD-2024-0706Vendor Advisory
- https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/Mitigation
- https://advisory.splunk.com/advisories/SVD-2024-0706Vendor Advisory
- https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/Mitigation
FAQ
What is CVE-2024-36986?
CVE-2024-36986 is a vulnerability with a CVSS score of 6.3 (MEDIUM). In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permission...
How severe is CVE-2024-36986?
CVE-2024-36986 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-36986?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Cloud, Splunk Splunk.