CVE-2024-45732

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise version 9.2.0 through 9.2.3 Splunk Cloud Platform versions prior to 9.2.2403.103 Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110 Splunk Cloud Platform version 9.1.2308.208

Description The issue is related to authorization procedure flaws in Splunk Enterprise, which could allow a low-privileged user without the "admin" or "power" Splunk roles to run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data.

Recommendations For Splunk Enterprise versions prior to 9.3.1, update to version 9.3.1 or later. For Splunk Enterprise version 9.2.0 through 9.2.3, update to version 9.2.3 or later. For Splunk Cloud Platform versions prior to 9.2.2403.103, update to version 9.2.2403.103 or later. For Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110, update to a version outside of this range or later. For Splunk Cloud Platform version 9.1.2308.208, update to a version later than 9.1.2308.208. As a temporary workaround, consider restricting access to the SplunkDeploymentServerConfig app to minimize the risk of exploitation.