U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-36986

Change History

New CVE Received from Splunk Inc. 7/01/2024 1:15:06 PM

Action Type Old Value New Value
Added Description

								
							
							
						
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
Added CVSS V3.1

								
							
							
						
Splunk Inc. AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N
Added CWE

								
							
							
						
Splunk Inc. CWE-200
Added Reference

								
							
							
						
Splunk Inc. https://advisory.splunk.com/advisories/SVD-2024-0706 [No types assigned]
Added Reference

								
							
							
						
Splunk Inc. https://research.splunk.com/application/1cf58ae1-9177-40b8-a26c-8966040f11ae/ [No types assigned]