CVE Details: CVE-2024-23676

Description

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

Published Date: 2024-01-22
Last Modified Date: 2024-04-10
Severity: LOW
CVSS v3 Score: 3.5
CWE ID: NVD-CWE-noinfo
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

Back to CVE List