CVE-2024-23675

medium

Description

In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

References

https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/

https://advisory.splunk.com/advisories/SVD-2024-0105

Details

Source: Mitre, NVD

Published: 2024-01-22

Updated: 2024-04-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N