| ID |
CVE-2026-20259
|
| Sažetak |
In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability `edit_saved_search_owner` could reassign saved search ownership to users outside their authorized scope. The ownership reassignment endpoint lacks access control. |
| Reference |
|
| CVSS |
| Base: | 5.5 |
| Impact: | 4.2 |
| Exploitability: | 1.2 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
HIGH |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| HIGH |
LOW |
NONE |
|
| CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N |
| Zadnje važnije ažuriranje |
12-06-2026 - 19:50 |
| Objavljeno |
10-06-2026 - 18:16 |
