cvelistv5 - cve-2024-23676

▼	URL	Tags
	prodsec@splunk.com	https://advisory.splunk.com/advisories/SVD-2024-0106	Vendor Advisory
	prodsec@splunk.com	https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/	Vendor Advisory

▼	Vendor	Product
	Splunk	Splunk Enterprise
	Splunk	Splunk Cloud

ghsa-6g54-284w-pj4p

Vulnerability from github

Published

2024-01-22 21:31

Modified

2024-01-29 18:31

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Details

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-23676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-22T21:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.",
  "id": "GHSA-6g54-284w-pj4p",
  "modified": "2024-01-29T18:31:47Z",
  "published": "2024-01-22T21:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23676"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0106"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2024-23676

Vulnerability from gsd

Modified

2024-01-20 06:02

Details

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

Aliases

CVE-2024-23676

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-23676"
      ],
      "details": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.",
      "id": "GSD-2024-23676",
      "modified": "2024-01-20T06:02:17.746905Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "ID": "CVE-2024-23676",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.0",
                          "version_value": "9.0.8"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.1",
                          "version_value": "9.1.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Splunk Cloud",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "-",
                          "version_value": "9.1.2308.200"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Anton (therceman)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://advisory.splunk.com/advisories/SVD-2024-0106",
            "refsource": "MISC",
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0106"
          },
          {
            "name": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/",
            "refsource": "MISC",
            "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2024-0106"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9F37499F-F597-4CE3-8E14-E53AE6B46202",
                    "versionEndExcluding": "9.1.2308.200",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "51D25D9F-2F3B-4A9A-B468-1DF8EB682692",
                    "versionEndExcluding": "9.0.8",
                    "versionStartIncluding": "9.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                    "matchCriteriaId": "125F126C-4B0F-4B3D-891F-498E6DE761D7",
                    "versionEndExcluding": "9.1.3",
                    "versionStartIncluding": "9.1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
          },
          {
            "lang": "es",
            "value": "En las versiones de Splunk inferiores a 9.0.8 y 9.1.3, el comando SPL \u201cmrollup\u201d permite a un usuario con pocos privilegios ver m\u00e9tricas en un \u00edndice para el que no tiene permiso. Esta vulnerabilidad requiere la interacci\u00f3n de un usuario con altos privilegios para poder explotarla."
          }
        ],
        "id": "CVE-2024-23676",
        "lastModified": "2024-01-29T17:57:24.363",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.1,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.1,
              "impactScore": 2.5,
              "source": "prodsec@splunk.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-22T21:15:10.530",
        "references": [
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0106"
          },
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
          }
        ],
        "sourceIdentifier": "prodsec@splunk.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "prodsec@splunk.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

wid-sec-w-2024-0174

Vulnerability from csaf_certbund

Published

2024-01-22 23:00

Modified

2024-01-22 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux - MacOS X - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Dateien zu manipulieren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0174 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0174.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0174 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0174"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2024-01-22",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0105"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2024-01-22",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0106"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2024-01-22",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0107"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2024-01-22",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0108"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2024-01-22",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0109"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-22T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:57:36.544+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0174",
      "initial_release_date": "2024-01-22T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise \u003c 9.0.8",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 9.0.8",
                  "product_id": "T032275",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise \u003c 9.1.3",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c 9.1.3",
                  "product_id": "T032276",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23675",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Splunk Splunk Enterprise. Dieser Fehler besteht in der App Key Value Store aufgrund einer unsachgem\u00e4\u00dfen Behandlung von Berechtigungen f\u00fcr Benutzer, die die REST-Anwendungsprogrammierschnittstelle verwenden, was zum L\u00f6schen von KV Store-Sammlungen f\u00fchrt. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23675"
    },
    {
      "cve": "CVE-2024-23676",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Splunk Splunk Enterprise. Dieser Fehler besteht im SPL-Befehl \"mrollup\", mit dem Metriken zu einem Index angezeigt werden k\u00f6nnen. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23676"
    },
    {
      "cve": "CVE-2024-23677",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Splunk Splunk Enterprise. Dieser Fehler besteht im Dienstprogramm RapidDiag, das Serverantworten auf eine Upload-Anforderung einer externen Anwendung in einer Protokolldatei offenlegt. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23677"
    },
    {
      "cve": "CVE-2024-23678",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Splunk Splunk Enterprise. Dieser Fehler besteht nur unter Windows-Betriebssystemen, da das Produkt Pfadeingabedaten nicht korrekt bereinigt, was zu einer unsicheren Deserialisierung von nicht vertrauensw\u00fcrdigen Daten aus einer separaten Festplattenpartition f\u00fchrt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen nicht spezifizierten Angriff auszuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "release_date": "2024-01-22T23:00:00Z",
      "title": "CVE-2024-23678"
    }
  ]
}

cve-2024-23676

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

cve-2024-23676

Vulnerability from cvelistv5

ghsa-6g54-284w-pj4p

Vulnerability from github

gsd-2024-23676

Vulnerability from gsd

wid-sec-w-2024-0174

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature