CVE-2024-23675

Published Jan 22, 2024

Last updated 7 months ago

Overview

Description: In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
Source: prodsec@splunk.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-863
prodsec@splunk.com: CWE-284

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD58A503-42FB-4CCA-9ABE-2DBC42440867",
            "versionEndExcluding": "9.1.2312.100"
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51D25D9F-2F3B-4A9A-B468-1DF8EB682692",
            "versionEndExcluding": "9.0.8",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "125F126C-4B0F-4B3D-891F-498E6DE761D7",
            "versionEndExcluding": "9.1.3",
            "versionStartIncluding": "9.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References