2018-10-23 23:31:39 2019-01-25 16:10:24

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Splunk Enterprise: 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.1.0, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.2.0, 6.2.1, 6.2.2, 6.2.3
Splunk Light: 6.2.0, 6.2.1, 6.2.2, 6.2.3
Splunk Enterprise (not an official CPE): 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.5.1
Splunk Light (not an official CPE): 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.4.2, 6.5.1

Advisory Patch Confirmed Link
https://www.splunk.com/view/SP-CAAAP5T