Vulnerabilities > CVE-2024-45735 - Unspecified vulnerability in Splunk and Splunk Cloud Platform

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

splunk

NVD

Published: 2024-10-14

Updated: 2024-10-16

Summary

In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold the "admin" or "power" Splunk roles can see App Key Value Store (KV Store) deployment configuration and public/private keys in the Splunk Secure Gateway App.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.1.0 Splunk Splunk 9.1.0.1 Splunk Splunk 9.1.0.2 Splunk Splunk 9.1.1 Splunk Splunk 9.1.2 Splunk Splunk 9.1.3 Splunk Splunk * Splunk Splunk Cloud Platform * Splunk Splunk Cloud Platform -	9

References

https://advisory.splunk.com/advisories/SVD-2024-1005
https://research.splunk.com/application/0a3d6035-7bef-4dfa-b01e-84349edac3b4/