module
Authenticated RCE in Splunk (splunk_archiver app)
| Disclosed |
|---|
| Jul 1, 2024 |
Disclosed
Jul 1, 2024
Description
This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in Splunk Enterprise (splunk_archiver application).
The flaw is rooted in the unsafe use of a Splunk lookup function, specifically | copybuckets, within the splunk_archiver application,
which ultimately leads to the execution of the helper script sudobash with attacker-controlled arguments.
The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0 through 9.2.2.
The flaw is rooted in the unsafe use of a Splunk lookup function, specifically | copybuckets, within the splunk_archiver application,
which ultimately leads to the execution of the helper script sudobash with attacker-controlled arguments.
The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0 through 9.2.2.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.