CVE-2024-36989 — Improper Access Control in Cloud Platform

CWE-284 — Improper Access Control3 documents3 sources

Severity

4.3MEDIUMNVD

CNA7.1

EPSS

0.2%

top 56.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Platform Splunk Enterprise Splunk Cloud +1 more

Timeline

PublishedJul 1

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5splunk/splunk_cloud_platform9.1.2312 — 9.1.2312.200

▶NVDsplunk/cloud9.1.2312 — 9.1.2312.200

▶CVEListV5splunk/splunk_enterprise9.2 — 9.2.2+2

▶NVDsplunk/splunk9.0.0 — 9.0.10+2

🔴Vulnerability Details

CVEList

Low-privileged user could create notifications in Splunk Web Bulletin Messages↗2024-07-01

▶

GHSA

GHSA-x3vh-gwhf-vr8w: In Splunk Enterprise versions below 9↗2024-07-01

▶