CVE-2024-36989

CVSS V2 None CVSS V3 None

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.

Overview

CVE ID
CVE-2024-36989

Assigner
Splunk

Vulnerability Status
PUBLISHED

Published Version
2024-07-01T16:30:38.545Z

Last Modified Date
2024-07-01T23:33:05.247Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://advisory.splunk.com/advisories/SVD-2024-0709
https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-36989
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36989

History

Created	Old Value	New Value	Data Type	Notes
2024-07-02 13:07:46				Added to TrackCVE