CNNVD-202512-380 Information
CNNVD ID
CNNVD-202512-380
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在输入验证错误漏洞,该漏洞源于低权限用户可创建包含自定义背景的视图仪表板,可能导致未验证的重定向。以下版本受到影响:Splunk Enterprise 10.0.2之前版本、9.4.6之前版本、9.3.8之前版本和9.2.10之前版本和Splunk Cloud Platform 10.1.2507.10之前版本、10.0.2503.8之前版本和9.3.2411.120之前版本。
Description (English)
Splunk Cloud Platform and Splunk Enterprise are products of the United States company Splunk. Splung Cloud Platform is a powerful data collection, processing and analysis service. Splung Enterprise is a data collection and analysis software. Splung Cloud Platform and Splunk Enterprise have input authentication bugs, which stem from the fact that low-authorized users can create view dashboards with custom background, which may lead to unverified redirection. The following versions were affected: the previous version of Splunk Enterprise 10.2, the previous version of 9.4.6, the pre-version of 9.3.8 and the pre-version of 9.2.10 and the pre-version of Splunk Cloud Platform 10.1.25007.10, the pre-version of 10.0.2503.8 and the pre-version of 9.3.241.120.
Hazard Level
Critical
Vulnerability Type
输入验证错误
Affected Vendor
Splunk
Published
2025-12-03
Last Modified
2026-02-24
References
https://advisory.splunk.com/advisories/SVD-2025-1201 https://vigilance.fr/vulnerability/Splunk-Enterprise-information-disclosure-via-Views-Dashboard-48965
Patch
https://www.splunk.com/en_us/products/splunk-enterprise.html
Share on: