Splunk Enterprise <9.0.8/9.1.3 KV Store API Privilege Escalation Deletion
CVE-2024-23675 Published on January 22, 2024
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2024-23675 has been classified as an Authorization vulnerability or weakness.
Products Associated with CVE-2024-23675
Affected Versions
Splunk Enterprise:
- Version 9.0 and below 9.0.8 is affected.
- Version 9.1 and below 9.1.3 is affected.
- Version - and below 9.1.2312.100 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.