CVE-2024-23676 — Improper Input Validation in Cloud

CWE-20 — Improper Input Validation3 documents3 sources

Severity

3.5LOWNVD

CNA4.6

EPSS

0.2%

top 63.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Splunk Enterprise Splunk Cloud +1 more

Timeline

PublishedJan 22

Description

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

▶NVDsplunk/cloud< 9.1.2308.200

▶NVDsplunk/splunk9.0.0 — 9.0.8+1

▶CVEListV5splunk/splunk_cloud- — 9.1.2308.200

▶CVEListV5splunk/splunk_enterprise9.0 — 9.0.8+1

🔴Vulnerability Details

CVEList

Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command↗2024-01-22

▶

GHSA

GHSA-6g54-284w-pj4p: In Splunk versions below 9↗2024-01-22

▶