Home

Description

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.

PUBLISHED Reserved 2024-11-19 | Published 2024-12-10 | Updated 2025-02-28 | Assigner Splunk




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Product status

9.3 (custom) before 9.3.2
affected

9.2 (custom) before 9.2.4
affected

9.1 (custom) before 9.1.7
affected

3.8 (custom) before 3.8.5
affected

3.7 (custom) before 3.7.18
affected

3.4 (custom) before 3.4.262
affected

Credits

Anton (therceman)

References

advisory.splunk.com/advisories/SVD-2024-1201

cve.org (CVE-2024-53243)

nvd.nist.gov (CVE-2024-53243)