- Description
- In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
- Source
- prodsec@splunk.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 3.5
- Impact score
- 1.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
- Severity
- LOW
- prodsec@splunk.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F37499F-F597-4CE3-8E14-E53AE6B46202",
"versionEndExcluding": "9.1.2308.200"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51D25D9F-2F3B-4A9A-B468-1DF8EB682692",
"versionEndExcluding": "9.0.8",
"versionStartIncluding": "9.0.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "125F126C-4B0F-4B3D-891F-498E6DE761D7",
"versionEndExcluding": "9.1.3",
"versionStartIncluding": "9.1.0"
}
],
"operator": "OR"
}
]
}
]