CVE-2024-45732

Description

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected products

Splunk / Splunk Cloud Platform9.2.2403 – 9.2.2403.103
Splunk / Splunk Cloud Platform9.1.2312 – 9.1.2312.110, 9.1.2312.200
Splunk / Splunk Cloud Platform9.1.2308 – 9.1.2308.208
Splunk / Splunk Enterprise9.3 – 9.3.1
Splunk / Splunk Enterprise9.2 – 9.2.3

References

VENDOR_ADVISORYhttps://advisory.splunk.com/advisories/SVD-2024-1002
MISChttps://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f/