Splunk Enterprise and Cloud Platform Improper Input Validation Vulnerability in User Account Creation
Vulnerability
A vulnerability exists in Splunk Enterprise versions prior to 10.2.2, 10.0.5, 9.4.10, and 9.3.11, as well as in Splunk Cloud Platform versions prior to 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127. The issue arises from improper input validation, allowing users with the 'edit_user' capability to create usernames that include null bytes or non-UTF-8 percent-encoded bytes. This could result in inconsistent username formatting for storage and account management, leading to difficulties in editing or deleting affected user accounts.
Impact
Exploitation of this vulnerability could cause account management issues, such as the inability to edit or delete users with affected usernames.
Remediation
Users should upgrade Splunk Enterprise to version 10.2.2, 10.0.5, 9.4.10, 9.3.11, or higher. For Splunk Cloud Platform, instances are being actively monitored and patched.
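The check below is an added example, not Splunk's code or part of the original advisory: it flags usernames containing a null byte or percent-encoded bytes that do not decode as UTF-8, the two classes described above, so that an exported list of account names can be reviewed. The function names and the sample names are constructed for illustration.

```python
from urllib.parse import unquote_to_bytes


def _is_utf8(data: bytes) -> bool:
    """True when the byte string is well-formed UTF-8."""
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def username_problems(name):
    """Return the reasons a username falls into the classes the advisory names."""
    # Accept str or bytes; surrogateescape keeps undecodable bytes from OS input.
    raw = name.encode("utf-8", "surrogateescape") if isinstance(name, str) else bytes(name)
    decoded = unquote_to_bytes(raw)  # resolves %XX sequences, leaves a stray '%' alone
    problems = []
    if b"\x00" in raw:
        problems.append("literal null byte")
    elif b"\x00" in decoded:
        problems.append("percent-encoded null byte")
    if not _is_utf8(raw):
        problems.append("raw non-UTF-8 bytes")
    elif not _is_utf8(decoded):
        problems.append("percent-encoded non-UTF-8 bytes")
    return problems


def audit(names):
    """Map each flagged username to its list of problems; clean names are omitted."""
    return {n: p for n in names if (p := username_problems(n))}


# Constructed sample input, standing in for an exported list of account names.
SAMPLE_NAMES = [
    "alice",          # plain ASCII
    "jos%C3%A9",      # percent-encoded but valid UTF-8
    "100%",           # stray percent sign, not an escape
    "svc_backup%00",  # percent-encoded null byte
    "bob\x00",        # literal null byte
    "ops%FFadmin",    # 0xFF is never valid in UTF-8
    "%C3",            # truncated multi-byte sequence
]

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_NAMES).items():
        print(repr(name), "->", ", ".join(problems))
```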
