CNNVD-202512-376 Information
CNNVD ID
CNNVD-202512-376
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Enterprise是美国Splunk公司的一套数据收集分析软件。 Splunk Enterprise 10.0.2之前版本、9.4.6版本、9.3.8版本和9.2.10版本存在安全漏洞,该漏洞源于安装或升级时权限分配不当,可能导致非管理员用户访问安装目录及其内容。
Description (English)
Splunk Enterprise is a data collection and analysis software for the United States company Splunk. There is a security loophole in previous versions of Splunk Enterprise 10.2, version 9.4.6, version 9.3.8 and version 9.2.10, which stems from the misallocation of authority at the time of installation or upgrade, which may result in non-administer users accessing the installation catalogue and its contents.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1205 https://vigilance.fr/vulnerability/Splunk-Enterprise-file-read-write-via-Windows-Installation-48969
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: