CVE-2024-23675
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almacén de valores clave de la aplicación Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programación de aplicaciones (API) REST. Potencialmente, esto puede resultar en la eliminación de las colecciones de KV Store.
*Credits:
Julian Kaufmann
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-19 CVE Reserved
- 2024-01-22 CVE Published
- 2024-01-30 EPSS Updated
- 2024-10-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-863: Incorrect Authorization
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://advisory.splunk.com/advisories/SVD-2024-0105 | 2024-04-10 | |
https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0 | 2024-04-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Splunk Search vendor "Splunk" | Cloud Search vendor "Splunk" for product "Cloud" | < 9.1.2312.100 Search vendor "Splunk" for product "Cloud" and version " < 9.1.2312.100" | - |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 9.0.0 < 9.0.8 Search vendor "Splunk" for product "Splunk" and version " >= 9.0.0 < 9.0.8" | enterprise |
Affected
| ||||||
Splunk Search vendor "Splunk" | Splunk Search vendor "Splunk" for product "Splunk" | >= 9.1.0 < 9.1.3 Search vendor "Splunk" for product "Splunk" and version " >= 9.1.0 < 9.1.3" | enterprise |
Affected
|