In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-1201 |
![]() ![]() |
History
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | |
Title | Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Splunk
Published: 2024-12-10T18:00:49.236Z
Updated: 2025-02-28T11:03:42.526Z
Reserved: 2024-11-19T18:30:28.773Z
Link: CVE-2024-53243

Updated: 2024-12-10T20:40:39.777Z

Status : Received
Published: 2024-12-10T18:15:41.093
Modified: 2024-12-10T18:15:41.093
Link: CVE-2024-53243

No data.