CVE-2018-7431

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.
References
Link Resource
https://www.splunk.com/view/SP-CAAAP5T Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:splunk:splunk:*:*:*:*:light:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*

History

No history.

Information

Published : 2018-10-23 21:31

Updated : 2023-12-10 12:44


NVD link : CVE-2018-7431

Mitre link : CVE-2018-7431

CVE.ORG link : CVE-2018-7431


JSON object : View

Products Affected

splunk

  • splunk
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')