CVE-2024-53244

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on “/en-US/app/search/report“ endpoint through “s“ parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-1202	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

No history.

Information

Published : 2024-12-10 18:15

Updated : 2025-03-06 20:15

NVD link : CVE-2024-53244

Mitre link : CVE-2024-53244

CVE.ORG link : CVE-2024-53244

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-53244", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-12-10T18:15:41.243", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-1202", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the \u201cadmin\u201c or \u201cpower\u201c Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on \u201c/en-US/app/search/report\u201c endpoint through \u201cs\u201c parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 9.3.2, 9.2.4 y 9.1.7 y en las versiones de Splunk Cloud Platform anteriores a 9.2.2406.107, 9.2.2403.109 y 9.1.2312.206, un usuario con pocos privilegios que no tenga los roles de Splunk \u201cadmin\u201d o \u201cpower\u201d podr\u00eda ejecutar una b\u00fasqueda guardada con un comando riesgoso utilizando los permisos de un usuario con mayores privilegios para eludir las medidas de seguridad de SPL para comandos riesgosos en el punto de conexi\u00f3n \u201c/en-US/app/search/report\u201d a trav\u00e9s del par\u00e1metro \u201cs\u201d.<br>La vulnerabilidad requiere que el atacante enga\u00f1e a la v\u00edctima para que inicie una solicitud dentro de su navegador. El usuario autenticado no deber\u00eda poder explotar la vulnerabilidad a voluntad."}], "lastModified": "2025-03-06T20:15:11.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "6653C37D-03C0-47C1-BC9C-510EBB0CB4BE", "versionEndExcluding": "9.1.7", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E31DE8DF-1AAD-4570-93E3-711C07FE1227", "versionEndExcluding": "9.2.4", "versionStartIncluding": "9.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A709D871-A35B-4CF2-A9D7-23CE29D0A8C6", "versionEndExcluding": "9.3.2", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0338CF9-1AC9-4F45-9A68-06172C6B36A1", "versionEndExcluding": "9.1.2312.206", "versionStartIncluding": "9.1.2312"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D640552-2CAE-4747-9683-C7DC45D556EF", "versionEndExcluding": "9.2.2403.109", "versionStartIncluding": "9.2.2403"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C9D4F64-DAA8-4692-AE4F-171777E8D7C3", "versionEndExcluding": "9.2.2406.107", "versionStartIncluding": "9.2.2406"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}