PT-2024-7158 · Splunk · Splunk Cloud Platform (+2)

Author: Anton
Published: 2024-10-14 · Updated: 2024-10-16
CVE-2024-45737
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.3.1
Splunk Enterprise versions prior to 9.2.3
Splunk Enterprise versions prior to 9.1.6
Splunk Cloud Platform versions prior to 9.2.2403.108
Splunk Cloud Platform versions prior to 9.1.2312.204

Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Splunk Web component of Splunk Enterprise. A low-privileged user who does not hold the "admin" or "power" Splunk roles can exploit it to change the maintenance mode state of the App Key Value Store (KVStore). Exploitation is carried out through a specially crafted web page.

Recommendations
For Splunk Enterprise versions prior to 9.3.1, update to version 9.3.1 or later.
For Splunk Enterprise versions prior to 9.2.3, update to version 9.2.3 or later.
For Splunk Enterprise versions prior to 9.1.6, update to version 9.1.6 or later.
For Splunk Cloud Platform versions prior to 9.2.2403.108, update to version 9.2.2403.108 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.204, update to version 9.1.2312.204 or later.
As a temporary workaround, consider restricting access to the KVStore maintenance mode to minimize the risk of exploitation.

Fix

Weakness Enumeration: CSRF

Related Identifiers

BDU:2024-08494
CVE-2024-45737

Affected Products

Splunk Cloud Platform
Splunk Enterprise
Splunk Web