CVE-2025-20230Improper Access Control in Enterprise

CWE-284Improper Access Control3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.1%
top 78.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk EnterpriseSplunk Secure GatewaySplunk
Timeline
PublishedMar 26
Latest updateMar 27

Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.In the affected versions, the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5splunk/splunk_secure_gateway3.83.8.38+1
NVDsplunk/splunk_secure_gateway3.7.03.7.23+1
CVEListV5splunk/splunk_enterprise9.49.4.1+3
NVDsplunk/splunk9.1.09.1.8+3

🔴Vulnerability Details

2
GHSA
GHSA-pr9m-r5mr-v22j: In Splunk Enterprise versions below 92025-03-27
CVEList
Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App2025-03-26
CVE-2025-20230 — Improper Access Control in Splunk | cvebase