CVE-2024-23675

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0.8 Splunk Enterprise versions prior to 9.1.3

Description The issue is related to improper handling of permissions for users that use the REST application programming interface (API) in the Splunk app key value store (KV Store). This can potentially result in the deletion of KV Store collections. The vulnerability is associated with deficiencies in access control to the KV Store, which can allow a remote attacker to delete data from the KV Store.

Recommendations For versions prior to 9.0.8, update to version 9.0.8 or later to resolve the issue. For versions prior to 9.1.3, update to version 9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the KV Store for users that use the REST API until a patch is available.