CVE-2024-45732

Summary

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.3 < 9.3.1affected
SplunkSplunk Enterprise9.2 < 9.2.3affected
SplunkSplunk Cloud Platform9.2.2403 < 9.2.2403.103affected
SplunkSplunk Cloud Platform9.1.2312 < 9.1.2312.110, 9.1.2312.200affected
SplunkSplunk Cloud Platform9.1.2308 < 9.1.2308.208affected

Weaknesses

  • CWE-862: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References