CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...

CVE-2024-53243

CVE-2024-53243 affects Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform. The root cause is improper access control in the Splunk Secure Gateway KVstore endpoints, enabling a low-privileged user without admin/power roles to view alert search query responses. Affected pr...