Splunk <=9.3.1 Search as 'nobody' via SplunkDeploymentServerConfig
CVE-2024-45732 Published on October 14, 2024
Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-45732 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-45732
stack.watch emails you whenever new vulnerabilities are published in Splunk or Splunk Cloud Platform. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 9.3 and below 9.3.1 is affected.
- Version 9.2 and below 9.2.3 is affected.
- Version 9.2.2403 and below 9.2.2403.103 is affected.
- Version 9.1.2312 and below 9.1.2312.110, 9.1.2312.200 is affected.
- Version 9.1.2308 and below 9.1.2308.208 is affected.
- Version 9.3 and below 9.3.1 is affected.
- Version 9.2 and below 9.2.3 is affected.
- Version 9.2.2403 and below 9.2.2403.103 is affected.
- Version 9.1.2312 and below 9.1.2312.200 is affected.
- Version 9.1.2312.110 is unaffected.
- Version 9.1.2308 and below 9.1.2308.208 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.