关键漏洞信息 漏洞标题 Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise 漏洞标识 Advisory ID: SVD-2025-1207 CVE ID: CVE-2025-20388 CVSSv3.1 Score: 2.7, Low CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CWE: CWE-918 Bug ID: VULN-25727 发布与更新信息 Published: 2025-12-03 Last Update: 2025-12-03 描述 In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains the high-privilege capability could enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. 解决方案 Upgrade Splunk Enterprise to versions 10.0.2, 9.4.6, 9.3.8, 9.2.10, or higher. Splunk is actively monitoring and patching Splunk Cloud Platform instances. 产品状态 缓解措施和变通方法 None 检测 None 严重性 Splunk rates this vulnerability a 2.7, Low, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. 致谢 Mr Hack (try_to_hack) Santiago Lopez