CVE-2024-23676

Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command

Severity Score: 3.5 (CVSS v3.1)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

*Credits: Anton (therceman)
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2024-01-19 CVE Reserved
  • 2024-01-22 CVE Published
  • 2024-01-30 EPSS Updated
  • 2024-10-30 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Splunk | Cloud | < 9.1.2308.200 | - | Affected
Splunk | Splunk | >= 9.0.0 < 9.0.8 | enterprise | Affected
Splunk | Splunk | >= 9.1.0 < 9.1.3 | enterprise | Affected