Splunk Enterprise/Cloud CVE-2024-45732 Low-priv User Privilege Escalation via SplunkDeploymentServerConfig

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability ID: SVD-2024-1002 - CVE ID: CVE-2024-45732 - Release Date: 2024-10-14 - Update Date: 2024-10-14 - CVSSv3.1 Score: 7.1, High - CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N - CWE: CWE-862 - Bug ID: VULN-14891 2. Vulnerability Impact: - Affected Splunk Enterprise versions: All versions below 9.3.1 and 9.2.0, as well as versions below Splunk Cloud Platform. - Affected Splunk Cloud Platform versions: 9.2.2403.103, 9.1.2312.200, 9.1.2312.110, and 9.1.2308.208. - Low-privileged users can run searches as the user within the SplunkDeploymentServerConfig app, potentially accessing restricted data. 3. Solution: - Upgrade Splunk Enterprise to version 9.3.1 or higher. - Splunk Cloud Platform version 9.1.2308.208 is not affected. 4. Product Status: - Lists affected Splunk Enterprise and Splunk Cloud Platform versions along with their fixed versions. 5. Mitigations and Workarounds: - Modify metadata settings in the file to restrict write access to knowledge objects. - Disable Splunk Web as a mitigation measure. 6. Detection: - Splunk Low-priv search as nobody in SplunkDeploymentServerConfig app. 7. Severity: - Splunk rates this vulnerability as 7.1, High, with CVSSv3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N. 8. Acknowledgement: - Acknowledged by Anton (therceman). This information provides a detailed description of the vulnerability, its scope of impact, solutions, and mitigation measures.

Goal Reached Thanks to every supporter — we hit 100%!

Splunk Enterprise/Cloud CVE-2024-45732 Low-priv User Privilege Escalation via SplunkDeploymentServerConfig