{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36992", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-05-30T16:36:21.001Z", "datePublished": "2024-07-01T16:30:51.507Z", "dateUpdated": "2024-08-02T03:43:50.532Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.2"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.5"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.10"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.200"}, {"version": "9.1.2308", "status": "affected", "versionType": "custom", "lessThan": "9.1.2308.207"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit."}], "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0712"}], "title": "Persistent Cross-site Scripting (XSS) in Dashboard Elements", "datePublic": "2024-07-01T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", "cweId": "CWE-79"}]}], "source": {"advisory": "SVD-2024-0712"}, "credits": [{"lang": "en", "value": "Anton (therceman)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-03T16:06:55.509Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T20:51:04.772976Z", "id": "CVE-2024-36992", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T20:51:12.604Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0712", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36992", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T20:51:04.772976Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T20:51:08.806Z"}}], "cna": {"title": "Persistent Cross-site Scripting (XSS) in Dashboard Elements", "source": {"advisory": "SVD-2024-0712"}, "credits": [{"lang": "en", "value": "Anton (therceman)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.200", "versionType": "custom"}, {"status": "affected", "version": "9.1.2308", "lessThan": "9.1.2308.207", "versionType": "custom"}]}], "datePublic": "2024-07-01T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0712"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "cweId": "CWE-79", "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-03T16:06:55.509Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36992", "state": "PUBLISHED", "dateUpdated": "2024-07-03T16:06:55.509Z", "dateReserved": "2024-05-30T16:36:21.001Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-07-01T16:30:51.507Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3", "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "D220E842-2B15-416F-960B-397166883F9F", "versionEndExcluding": "9.1.2308.207", "versionStartIncluding": "9.1.2308", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "7783EE7D-586D-4245-9B62-204240F5B6A3", "versionEndExcluding": "9.1.2312.200", "versionStartIncluding": "9.1.2312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The \u201curl\u201d parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podr\u00eda crear un payload malicioso a trav\u00e9s de una Vista que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo JavaScript no autorizado en el navegador de un usuario.bEl par\u00e1metro \"url\" del elemento Panel no tiene una validaci\u00f3n de entrada adecuada para rechazar URL no v\u00e1lidas, lo que podr\u00eda provocar un exploit de Cross-Site Scripting (XSS)."}], "id": "CVE-2024-36992", "lastModified": "2024-08-21T14:30:51.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2024-07-01T17:15:08.077", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0712"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}

{}