CNNVD-202512-375 Information
CNNVD ID
CNNVD-202512-375
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Universal Forwarder是Splunk公司的一个Splunk组件。 Splunk Universal Forwarder 10.0.2之前版本、9.4.6版本、9.3.8版本和9.2.10版本存在安全漏洞,该漏洞源于安装或升级时权限分配不当,可能导致非管理员用户访问安装目录及其内容。
Description (English)
Splunk Universal Forwarder is a Splunk component of Splunk. There is a security loophole in previous versions of Splunk Universal Forwarder 10.2, Version 9.4.6, Version 9.3.8 and Version 9.2.10, which stems from the misallocation of authority at the time of installation or upgrade and may lead to access to the installation catalogue and its contents by non-administer users.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1206 https://vigilance.fr/vulnerability/Splunk-Enterprise-file-read-write-via-Universal-Forwarder-48970
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: