admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-532xx/CVE-2024-53243.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

60 lines
2.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-53243",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-12-10T18:15:41.093",
"lastModified": "2024-12-10T18:15:41.093",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the \u201cadmin\u201c or \u201cpower\u201c Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise anteriores a 9.3.2, 9.2.4 y 9.1.7 y las versiones anteriores a 3.2.462, 3.7.18 y 3.8.5 de la aplicaci\u00f3n Splunk Secure Gateway en Splunk Cloud Platform, un usuario con privilegios bajos que no tenga los roles de \"administrador\" o \"poder\" de Splunk podr\u00eda ver respuestas de consultas de b\u00fasqueda de alertas mediante los endpoints de recopilaci\u00f3n del almac\u00e9n de valores clave (KVstore) de la aplicaci\u00f3n Splunk Secure Gateway debido a un control de acceso inadecuado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-1201",
"source": "prodsec@splunk.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink