CVE-2024-53243
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-53243: In affected versions of Splunk Enterprise and Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user bypassed the intended access control, enabling them to view alert search query responses via KVstore collections endpoints. Affected versions include Splunk Enterprise below 9.3.2, 9.2.4, and 9.1.7 and Splunk Secure Gateway app below 3.2.462, 3.7.18, and 3.8.5. This vulnerability could potentially lead to unauthorized access to sensitive information. Users are advised to upgrade their Splunk installations to the latest versions to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.