6.5
CVE-2025-20321
- EPSS 0.07%
- Veröffentlicht 07.07.2025 17:48:03
- Zuletzt bearbeitet 21.07.2025 20:57:33
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Splunk ≫ Splunk Cloud Platform Version >= 9.2.2406 < 9.2.2406.119
Splunk ≫ Splunk Cloud Platform Version >= 9.3.2408 < 9.3.2408.114
Splunk ≫ Splunk Cloud Platform Version >= 9.3.2411 < 9.3.2411.104
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.207 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| psirt@cisco.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.