CVE-2024-45734

CVSS V2 None CVSS V3 None

Description

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.

Overview

CVE ID
CVE-2024-45734

Assigner
Splunk

Vulnerability Status
PUBLISHED

Published Version
2024-10-14T17:03:30.412Z

Last Modified Date
2024-10-14T17:03:30.412Z

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://advisory.splunk.com/advisories/SVD-2024-1004
https://research.splunk.com/application/7464e2dc-98a5-4af9-87a1-fa6d5a256fa6/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-45734
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45734

History

Created	Old Value	New Value	Data Type	Notes
2024-10-15 13:20:29				Added to TrackCVE