Vulnerabilities > CVE-2024-53244 - Unspecified vulnerability in Splunk and Splunk Cloud Platform

CVSS 5.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

splunk

NVD

Published: 2024-12-10

Updated: 2025-03-06

Summary

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.1.0 Splunk Splunk 9.1.0.1 Splunk Splunk 9.1.0.2 Splunk Splunk 9.1.1 Splunk Splunk 9.1.2 Splunk Splunk 9.1.3 Splunk Splunk 9.1.4 Splunk Splunk 9.1.5 Splunk Splunk 9.1.6 Splunk Splunk 9.2.0 Splunk Splunk 9.2.1 Splunk Splunk 9.2.2 Splunk Splunk 9.2.3 Splunk Splunk 9.3.0 Splunk Splunk 9.3.1 Splunk Splunk Cloud Platform 9.1.2312 Splunk Splunk Cloud Platform 9.1.2312.100 Splunk Splunk Cloud Platform 9.1.2312.108 Splunk Splunk Cloud Platform 9.1.2312.109 Splunk Splunk Cloud Platform 9.2.2403 Splunk Splunk Cloud Platform 9.2.2403.100 Splunk Splunk Cloud Platform 9.2.2403.108 Splunk Splunk Cloud Platform 9.2.2406 Splunk Splunk Cloud Platform 9.2.2406.100 Splunk Splunk Cloud Platform 9.2.2406.106	25

References

https://advisory.splunk.com/advisories/SVD-2024-1202