CVE-2024-23675 — Improper Access Control in Cloud

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 78.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Splunk Enterprise Splunk Cloud +1 more

Timeline

PublishedJan 22

Description

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5splunk/splunk_enterprise9.0 — 9.0.8+1

▶NVDsplunk/cloud< 9.1.2312.100

▶NVDsplunk/splunk9.0.0 — 9.0.8+1

▶CVEListV5splunk/splunk_cloud- — 9.1.2312.100

🔴Vulnerability Details

GHSA

GHSA-h7m5-mp8f-v424: In Splunk Enterprise versions below 9↗2024-01-22

▶

CVEList

Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion↗2024-01-22

▶