CVE-2026-20297
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-22
Limitación incorrecta de nombre de ruta a un directorio restringido (Path Traversal)
Fecha de publicación:
15/07/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, 9.4.13, and 9.3.14, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.2.2510.18, and 10.1.2507.24, a user who holds a role that contains the `edit_local_apps` and `install_apps` capabilities could cause a legitimate app installation to write files outside the intended app directory, into `$SPLUNK_HOME/etc/` and its subdirectories.The vulnerability is caused by a path traversal in the app installation workflow, which does not restrict the installation path to the intended app directory.
Impacto
Puntuación base 3.x
7.20
Gravedad 3.x
ALTA



