Low-Privileged User Vulnerability in Splunk Enterprise
CVE-2024-45732

7.1HIGH

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 14 October 2024

Summary

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a vulnerability allows low-privileged users, lacking the 'admin' or 'power' roles, to execute searches as the 'nobody' user within the SplunkDeploymentServerConfig app. This could potentially expose sensitive or restricted data, raising significant security concerns for environments where data access needs strict control.

Affected Version(s)

Splunk Cloud Platform 9.2.2403 < 9.2.2403.103

Splunk Cloud Platform 9.1.2312 < 9.1.2312.110, 9.1.2312.200

Splunk Cloud Platform 9.1.2308 < 9.1.2308.208

References

https://advisory.splunk.com/advisories/SVD-2024-1002

https://research.splunk.com/application/f765c3fe-c3b6-4af...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2024

Credit

Anton (therceman)