CyberRota
← Ana sayfaya dön

CVE-2026-20297

HIGH · CVSS 7.2

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-15T18:16:44.880 · Çekilme zamanı: 2026-07-16T06:07:17.275162+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-20297
Severity
HIGH
CVSS
7.2
EPSS
Yok

Orijinal NVD Açıklaması

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.<br><br>The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.