Vulnerabilities > Splunk > Cloud > 9.1.2308
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |
2024-01-22 | CVE-2024-23676 | Unspecified vulnerability in Splunk Cloud and Splunk In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. | 3.5 |