In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-0105 | Vendor Advisory |
https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jan 2024, 18:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* |
|
CWE | CWE-863 | |
First Time |
Splunk splunk
Splunk cloud Splunk |
|
References | () https://advisory.splunk.com/advisories/SVD-2024-0105 - Vendor Advisory | |
References | () https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/ - Vendor Advisory |
24 Jan 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jan 2024, 13:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
22 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-22 21:15
Updated : 2024-04-10 01:15
NVD link : CVE-2024-23675
Mitre link : CVE-2024-23675
CVE.ORG link : CVE-2024-23675
JSON object : View
Products Affected
splunk
- splunk
- cloud