PT-2024-1274 · Splunk · Splunk Enterprise

Anton +1 · Published 2024-01-22 · Updated 2024-04-10 · CVE-2024-23676

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.0.8
Splunk Enterprise versions prior to 9.1.3
Description

The issue is related to insufficient input validation, allowing a remote attacker to gain unauthorized access to protected information using the mrollup SPL command. This requires user interaction from a high-privileged user to exploit. A low-privileged user can view metrics on an index they do not have permission to view.
Recommendations

For versions prior to 9.0.8, update to version 9.0.8 or later to resolve the issue. For versions prior to 9.1.3, update to version 9.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the mrollup SPL command until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-00700
CVE-2024-23676

Affected Products

Splunk Enterprise