CVE-2024-45732: Missing Authorization in Cloud Platform

Severity
NVD: 6.5 MEDIUM
CNA: 7.1
EPSS: 0.2% (top 55.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 14

Description

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | splunk/splunk_cloud_platform | 9.2.2403 to 9.2.2403.103 | +2
NVD | splunk/splunk_cloud_platform | 9.1.2312.100 to 9.1.2312.110 | +2
CVEListV5 | splunk/splunk_enterprise | 9.3 to 9.3.1 | +1
NVD | splunk/splunk | 9.2.0 to 9.2.3 | +1

Vulnerability Details (2)

CVEList: Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app (2024-10-14)
GHSA: GHSA-7p24-phjr-m5fc: In Splunk Enterprise versions below 9 (2024-10-14)