CVE-2024-53243

Summary

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.3 < 9.3.2affected
SplunkSplunk Enterprise9.2 < 9.2.4affected
SplunkSplunk Enterprise9.1 < 9.1.7affected
SplunkSplunk Secure Gateway3.8 < 3.8.5affected
SplunkSplunk Secure Gateway3.7 < 3.7.18affected
SplunkSplunk Secure Gateway3.4 < 3.4.262affected

Weaknesses

  • CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References