4 matches found
CVE-2024-23676
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...
CVE-2024-23676
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...
CVE-2024-23676 Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...
PT-2024-1274 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.8 Splunk Enterprise versions prior to 9.1.3 Description: The issue is related to insufficient input validation, allowing a remote attacker to gain unauthorized access to protected information using the...