CVE-2018-7431

MEDIUM

Splunk Enterprise 6.0.0-6.5.2 & Light <6.6.0 Authenticated Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.splunk.com/view/SP-CAAAP5T

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 59.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-22
Status published
Products (2)
splunk/splunk < 6.6.0
splunk/splunk 6.0.0 - 6.0.14
Published Oct 23, 2018
Tracked Since Feb 18, 2026