CVE-2024-23675

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/01/2024
Last modified:
10/04/2024

Description

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:* 9.1.2312.100 (excluding)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* 9.0.0 (including) 9.0.8 (excluding)
cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* 9.1.0 (including) 9.1.3 (excluding)