CVE-2024-23675

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-0105	Vendor Advisory
https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:cloud::::::::
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*

History

29 Jan 2024, 18:04

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:cloud:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*
CWE		CWE-863
First Time		Splunk splunk Splunk cloud Splunk
References	~~() https://advisory.splunk.com/advisories/SVD-2024-0105 -~~	() https://advisory.splunk.com/advisories/SVD-2024-0105 - Vendor Advisory
References	~~() https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/ -~~	() https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/ - Vendor Advisory

24 Jan 2024, 19:15

Type	Values Removed	Values Added
References		() https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/ -

23 Jan 2024, 13:44

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almacén de valores clave de la aplicación Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programación de aplicaciones (API) REST. Potencialmente, esto puede resultar en la eliminación de las colecciones de KV Store.

22 Jan 2024, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-22 21:15

Updated : 2024-04-10 01:15

NVD link : CVE-2024-23675

Mitre link : CVE-2024-23675

CVE.ORG link : CVE-2024-23675

JSON object : View

Products Affected

splunk

splunk
cloud

CWE

CWE-863

Incorrect Authorization

CWE-284

Improper Access Control

{"id": "CVE-2024-23675", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-01-22T21:15:10.263", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0105", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.0.8 y 9.1.3, el almac\u00e9n de valores clave de la aplicaci\u00f3n Splunk (KV Store) maneja incorrectamente los permisos para los usuarios que usan la interfaz de programaci\u00f3n de aplicaciones (API) REST. Potencialmente, esto puede resultar en la eliminaci\u00f3n de las colecciones de KV Store."}], "lastModified": "2024-04-10T01:15:18.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD58A503-42FB-4CCA-9ABE-2DBC42440867", "versionEndExcluding": "9.1.2312.100"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "51D25D9F-2F3B-4A9A-B468-1DF8EB682692", "versionEndExcluding": "9.0.8", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "125F126C-4B0F-4B3D-891F-498E6DE761D7", "versionEndExcluding": "9.1.3", "versionStartIncluding": "9.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}