CVE-2024-53243

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.2, 9.2.4, and 9.1.7 Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.2.462, 3.7.18, and 3.8.5

Description: The issue is related to improper access control in the Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints. This could allow a low-privileged user without the "admin" or "power" Splunk roles to see alert search query responses. The vulnerability may enable a remote attacker to gain unauthorized access to protected information due to insufficient protection of service data resulting from improper access control to the KV Store.

Recommendations: For Splunk Enterprise versions prior to 9.3.2, 9.2.4, and 9.1.7, update to version 9.3.2, 9.2.4, or 9.1.7 or later. For Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.2.462, 3.7.18, and 3.8.5, update to version 3.2.462, 3.7.18, or 3.8.5 or later. As a temporary workaround, consider restricting access to the KV Store collections endpoints until a patch is available.