THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-36985

Remote Code Execution (RCE) through an external lookup due to “copybuckets.py“ script in the “splunk_archiver“ application in Splunk Enterprise

AssignerSplunk
Reserved2024-05-30
Published2024-07-01
Updated2024-07-10

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, a low-privileged user that does not hold the admin or power Splunk roles could cause a Remote Code Execution through an external lookup that references the “splunk_archiver“ application.



HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

Product status

9.2 before 9.2.2
affected

9.1 before 9.1.5
affected

9.0 before 9.0.10
affected

Credits

Alex Hordijk

References

https://advisory.splunk.com/advisories/SVD-2024-0705

https://research.splunk.com/application/8598f9de-bba8-42a4-8ef0-12e1adda4131

cve.org CVE-2024-36985

nvd.nist.gov CVE-2024-36985

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-36985
© Copyright 2024 THREATINT. Made in Cyprus with +