SB2024012252 - Multiple vulnerabilities in Splunk Enterprise

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2024-23675)

The vulnerability allows a remote user to delete certain data.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and delete KV Store collections.

2) Input validation error (CVE-ID: CVE-2024-23676)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. A remote user can gain access to sensitive information.

3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-23677)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the RapidDiag utility discloses server responses to an external application upload request in a log file. A remote user can read the log files and gain access to sensitive data.

4) Deserialization of Untrusted Data (CVE-ID: CVE-2024-23678)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data from a separate disk partition on the machine. A local user can pass specially crafted input to the application and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://advisory.splunk.com/advisories/SVD-2024-0105
• https://advisory.splunk.com/advisories/SVD-2024-0106
• https://advisory.splunk.com/advisories/SVD-2024-0107
• https://advisory.splunk.com/advisories/SVD-2024-0108