mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
106 lines
3.7 KiB
JSON
106 lines
3.7 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-23675",
|
|
"ASSIGNER": "prodsec@splunk.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
|
|
"cweId": "CWE-284"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Splunk",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Splunk Enterprise",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "9.0",
|
|
"version_value": "9.0.8"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "9.1",
|
|
"version_value": "9.1.3"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Splunk Cloud",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "-",
|
|
"version_value": "9.1.2312.100"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://advisory.splunk.com/advisories/SVD-2024-0105",
|
|
"refsource": "MISC",
|
|
"name": "https://advisory.splunk.com/advisories/SVD-2024-0105"
|
|
},
|
|
{
|
|
"url": "https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/",
|
|
"refsource": "MISC",
|
|
"name": "https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "SVD-2024-0105"
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Julian Kaufmann"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
|
"version": "3.1",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
}
|
|
]
|
|
}
|
|
} |