CVE-2024-36995 - OpenCVE

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk Splunk Cloud Platform

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2024-0715
https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-07-01T16:52:57.700Z

Updated: 2024-08-02T03:43:50.580Z

Reserved: 2024-05-30T16:36:21.002Z

Link: CVE-2024-36995

Vulnrichment

Updated: 2024-08-02T03:43:50.580Z

NVD

Status : Analyzed

Published: 2024-07-01T17:15:08.707

Modified: 2024-08-02T14:55:40.310

Link: CVE-2024-36995

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36995", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-05-30T16:36:21.002Z", "datePublished": "2024-07-01T16:52:57.700Z", "dateUpdated": "2024-08-02T03:43:50.580Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.2"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.5"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.10"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.200"}, {"version": "9.1.2308", "status": "affected", "versionType": "custom", "lessThan": "9.1.2308.207"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items."}], "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0715"}, {"url": "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34"}], "title": "Low-privileged user could create experimental items", "datePublic": "2024-07-01T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "description": "The software does not perform an authorization check when an actor attempts to access a resource or perform an action.", "cweId": "CWE-862"}]}], "source": {"advisory": "SVD-2024-0715"}, "credits": [{"lang": "en", "value": "MrHack"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-03T16:06:52.261Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-01T20:49:54.901075Z", "id": "CVE-2024-36995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T20:50:04.635Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.580Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0715", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0715", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.580Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-01T20:49:54.901075Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T20:49:59.684Z"}}], "cna": {"title": "Low-privileged user could create experimental items", "source": {"advisory": "SVD-2024-0715"}, "credits": [{"lang": "en", "value": "MrHack"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.200", "versionType": "custom"}, {"status": "affected", "version": "9.1.2308", "lessThan": "9.1.2308.207", "versionType": "custom"}]}], "datePublic": "2024-07-01T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0715"}, {"url": "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "cweId": "CWE-862", "description": "The software does not perform an authorization check when an actor attempts to access a resource or perform an action."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-03T16:06:52.261Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36995", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:43:50.580Z", "dateReserved": "2024-05-30T16:36:21.002Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-07-01T16:52:57.700Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3", "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "D220E842-2B15-416F-960B-397166883F9F", "versionEndExcluding": "9.1.2308.207", "versionStartIncluding": "9.1.2308", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "7783EE7D-586D-4245-9B62-204240F5B6A3", "versionEndExcluding": "9.1.2312.200", "versionStartIncluding": "9.1.2312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200 y 9.1.2308.207, un usuario con pocos privilegios que no tenga los roles de administrador o poder de Splunk podr\u00eda crear elementos experimentales."}], "id": "CVE-2024-36995", "lastModified": "2024-08-02T14:55:40.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2024-07-01T17:15:08.707", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0715"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/84afda04-0cd6-466b-869e-70d6407d0a34"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}