Vulnerabilities related to Splunk - Splunk Secure Gateway
cve-2024-53247
Vulnerability from cvelistv5
Published
2024-12-10 18:00
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could perform a Remote Code Execution (RCE).
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.3   < 9.3.2
Version: 9.2   < 9.2.4
Version: 9.1   < 9.1.7
   Splunk Splunk Secure Gateway Version: 3.7   < 3.7.13
Version: 3.4   < 3.4.261


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-53247",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-10T20:42:00.693072Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-10T21:14:36.313Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "9.3.2",
                     status: "affected",
                     version: "9.3",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.2.4",
                     status: "affected",
                     version: "9.2",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.1.7",
                     status: "affected",
                     version: "9.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Splunk Secure Gateway",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "3.7.13",
                     status: "affected",
                     version: "3.7",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.4.261",
                     status: "affected",
                     version: "3.4",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Danylo Dmytriiev (DDV_UA)",
            },
         ],
         datePublic: "2024-12-10T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).",
                  },
               ],
               value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution (RCE).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-502",
                     description: "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-28T11:03:41.947Z",
            orgId: "42b59230-ec95-491e-8425-5a5befa1a469",
            shortName: "Splunk",
         },
         references: [
            {
               url: "https://advisory.splunk.com/advisories/SVD-2024-1205",
            },
         ],
         source: {
            advisory: "SVD-2024-1205",
         },
         title: "Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app",
      },
   },
   cveMetadata: {
      assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469",
      assignerShortName: "Splunk",
      cveId: "CVE-2024-53247",
      datePublished: "2024-12-10T18:00:24.359Z",
      dateReserved: "2024-11-19T18:30:28.773Z",
      dateUpdated: "2025-02-28T11:03:41.947Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-45735
Vulnerability from cvelistv5
Published
2024-10-14 16:45
Modified
2025-02-28 11:03
Summary
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and in versions of the Splunk Secure Gateway app on Splunk Cloud Platform below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.2   < 9.2.3
Version: 9.1   < 9.1.6
   Splunk Splunk Secure Gateway Version: 3.6   < 3.6.17
Version: 3.4   < 3.4.259


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "splunk_enterprise",
                  vendor: "splunk",
                  versions: [
                     {
                        lessThan: "9.2.3",
                        status: "affected",
                        version: "9.2",
                        versionType: "custom",
                     },
                     {
                        lessThan: "9.1.6",
                        status: "affected",
                        version: "9.1",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:splunk:splunk_secure_gateway:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "splunk_secure_gateway",
                  vendor: "splunk",
                  versions: [
                     {
                        lessThan: "3.6.17",
                        status: "affected",
                        version: "3.6",
                        versionType: "custom",
                     },
                     {
                        lessThan: "3.4.259",
                        status: "affected",
                        version: "3.4",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-45735",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-08T19:22:41.212370Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T22:27:41.914Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "9.2.3",
                     status: "affected",
                     version: "9.2",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.1.6",
                     status: "affected",
                     version: "9.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Splunk Secure Gateway",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "3.6.17",
                     status: "affected",
                     version: "3.6",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.4.259",
                     status: "affected",
                     version: "3.4",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Gabriel Nitu, Splunk",
            },
         ],
         datePublic: "2024-10-14T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.",
                  },
               ],
               value: "In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-28T11:03:52.049Z",
            orgId: "42b59230-ec95-491e-8425-5a5befa1a469",
            shortName: "Splunk",
         },
         references: [
            {
               url: "https://advisory.splunk.com/advisories/SVD-2024-1005",
            },
            {
               url: "https://research.splunk.com/application/0a3d6035-7bef-4dfa-b01e-84349edac3b4/",
            },
         ],
         source: {
            advisory: "SVD-2024-1005",
         },
         title: "Improper Access Control for low-privileged user in Splunk Secure Gateway App",
      },
   },
   cveMetadata: {
      assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469",
      assignerShortName: "Splunk",
      cveId: "CVE-2024-45735",
      datePublished: "2024-10-14T16:45:54.667Z",
      dateReserved: "2024-09-05T21:35:21.290Z",
      dateUpdated: "2025-02-28T11:03:52.049Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-53243
Vulnerability from cvelistv5
Published
2024-12-10 18:00
Modified
2025-02-28 11:03
Summary
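In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. (Note: the structured version data in this record lists the 3.4 branch as affected below 3.4.262, which does not match the 3.2.462 given in this summary; confirm the fixed version against advisory SVD-2024-1201 before relying on either value.)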
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.3   < 9.3.2
Version: 9.2   < 9.2.4
Version: 9.1   < 9.1.7
   Splunk Splunk Secure Gateway Version: 3.8   < 3.8.5
Version: 3.7   < 3.7.18
Version: 3.4   < 3.4.262


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-53243",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-12-10T20:39:37.960229Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-12-10T21:13:54.950Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "9.3.2",
                     status: "affected",
                     version: "9.3",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.2.4",
                     status: "affected",
                     version: "9.2",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.1.7",
                     status: "affected",
                     version: "9.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Splunk Secure Gateway",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "3.8.5",
                     status: "affected",
                     version: "3.8",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.7.18",
                     status: "affected",
                     version: "3.7",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.4.262",
                     status: "affected",
                     version: "3.4",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Anton (therceman)",
            },
         ],
         datePublic: "2024-12-10T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.",
                  },
               ],
               value: "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-02-28T11:03:42.526Z",
            orgId: "42b59230-ec95-491e-8425-5a5befa1a469",
            shortName: "Splunk",
         },
         references: [
            {
               url: "https://advisory.splunk.com/advisories/SVD-2024-1201",
            },
         ],
         source: {
            advisory: "SVD-2024-1201",
         },
         title: "Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway",
      },
   },
   cveMetadata: {
      assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469",
      assignerShortName: "Splunk",
      cveId: "CVE-2024-53243",
      datePublished: "2024-12-10T18:00:49.236Z",
      dateReserved: "2024-11-19T18:30:28.773Z",
      dateUpdated: "2025-02-28T11:03:42.526Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-20230
Vulnerability from cvelistv5
Published
2025-03-26 22:24
Modified
2025-03-27 13:48
Summary
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other users' data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.

In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.4   < 9.4.1
Version: 9.3   < 9.3.3
Version: 9.2   < 9.2.5
Version: 9.1   < 9.1.8
   Splunk Splunk Secure Gateway Version: 3.8   < 3.8.38
Version: 3.7   < 3.7.23


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-20230",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-27T13:48:27.960137Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-27T13:48:35.678Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "9.4.1",
                     status: "affected",
                     version: "9.4",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.3.3",
                     status: "affected",
                     version: "9.3",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.2.5",
                     status: "affected",
                     version: "9.2",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.1.8",
                     status: "affected",
                     version: "9.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Splunk Secure Gateway",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "3.8.38",
                     status: "affected",
                     version: "3.8",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.7.23",
                     status: "affected",
                     version: "3.7",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Gabriel Nitu, Splunk<br><br>David Chen, Splunk",
            },
         ],
         datePublic: "2025-03-26T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.",
                  },
               ],
               value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-284",
                     description: "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-26T22:24:15.510Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               url: "https://advisory.splunk.com/advisories/SVD-2025-0307",
            },
         ],
         source: {
            advisory: "SVD-2025-0307",
         },
         title: "Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2025-20230",
      datePublished: "2025-03-26T22:24:15.510Z",
      dateReserved: "2024-10-10T19:15:13.236Z",
      dateUpdated: "2025-03-27T13:48:35.678Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2025-20231
Vulnerability from cvelistv5
Published
2025-03-26 21:45
Modified
2025-03-28 03:55
Summary
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search using the permissions of a higher-privileged user, which could lead to disclosure of sensitive information.

The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.4   < 9.4.1
Version: 9.3   < 9.3.3
Version: 9.2   < 9.2.5
Version: 9.1   < 9.1.8
   Splunk Splunk Secure Gateway Version: 3.8   < 3.8.38
Version: 3.7   < 3.7.23


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-20231",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-27T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-28T03:55:50.397Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Splunk Enterprise",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "9.4.1",
                     status: "affected",
                     version: "9.4",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.3.3",
                     status: "affected",
                     version: "9.3",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.2.5",
                     status: "affected",
                     version: "9.2",
                     versionType: "custom",
                  },
                  {
                     lessThan: "9.1.8",
                     status: "affected",
                     version: "9.1",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Splunk Secure Gateway",
               vendor: "Splunk",
               versions: [
                  {
                     lessThan: "3.8.38",
                     status: "affected",
                     version: "3.8",
                     versionType: "custom",
                  },
                  {
                     lessThan: "3.7.23",
                     status: "affected",
                     version: "3.7",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Anton (therceman)",
            },
         ],
         datePublic: "2025-03-26T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.",
                  },
               ],
               value: "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.<br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-532",
                     description: "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
                     lang: "en",
                     type: "cwe",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-26T21:56:25.891Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               url: "https://advisory.splunk.com/advisories/SVD-2025-0302",
            },
         ],
         source: {
            advisory: "SVD-2025-0302",
         },
         title: "Sensitive Information Disclosure in Splunk Secure Gateway App",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2025-20231",
      datePublished: "2025-03-26T21:45:41.250Z",
      dateReserved: "2024-10-10T19:15:13.237Z",
      dateUpdated: "2025-03-28T03:55:50.397Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}