This is a vulnerability writeup describing an arbitrary file read vulnerability in Splunk <= 4.3.3. The issue allows authenticated users with admin privileges to read arbitrary files on the server via the 'Data Preview' functionality.
Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Splunk <= 4.3.3
Auth required
Prerequisites:Authenticated access to Splunk with admin privileges