CVE-2024-36989 - Vulnerability Details - OpenCVE

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Splunk	Cloud Splunk

Configuration 1 [-]

OR	cpe:2.3:a:splunk:cloud::::::::
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2024-0709
https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-07-01T16:30:38.545Z

Updated: 2025-02-28T11:03:53.004Z

Reserved: 2024-05-30T16:36:21.001Z

Link: CVE-2024-36989

Vulnrichment

Updated: 2024-08-02T03:43:50.575Z

NVD

Status : Modified

Published: 2024-07-01T17:15:07.380

Modified: 2024-11-21T09:22:59.027

Link: CVE-2024-36989

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36989", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-05-30T16:36:21.001Z", "datePublished": "2024-07-01T16:30:38.545Z", "dateUpdated": "2025-02-28T11:03:53.004Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.2"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.5"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.10"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.200"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive."}], "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0709"}, {"url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030"}], "title": "Low-privileged user could create notifications in Splunk Web Bulletin Messages", "datePublic": "2024-07-01T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.", "cweId": "CWE-284"}]}], "source": {"advisory": "SVD-2024-0709"}, "credits": [{"lang": "en", "value": "Anton (therceman)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:53.004Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-03T19:54:30.997403Z", "id": "CVE-2024-36989", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T19:54:43.678Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.575Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0709", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0709", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.575Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36989", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-03T19:54:30.997403Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T19:54:34.654Z"}}], "cna": {"title": "Low-privileged user could create notifications in Splunk Web Bulletin Messages", "source": {"advisory": "SVD-2024-0709"}, "credits": [{"lang": "en", "value": "Anton (therceman)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.2", "lessThan": "9.2.2", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.5", "versionType": "custom"}, {"status": "affected", "version": "9.0", "lessThan": "9.0.10", "versionType": "custom"}]}, {"vendor": "Splunk", "product": "Splunk Cloud Platform", "versions": [{"status": "affected", "version": "9.1.2312", "lessThan": "9.1.2312.200", "versionType": "custom"}]}], "datePublic": "2024-07-01T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0709"}, {"url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-284", "description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:53.004Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36989", "state": "PUBLISHED", "dateUpdated": "2025-02-28T11:03:53.004Z", "dateReserved": "2024-05-30T16:36:21.001Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-07-01T16:30:38.545Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "D906AB2D-B882-4482-9A3B-53A01A28152A", "versionEndExcluding": "9.1.2312.200", "versionStartIncluding": "9.1.2312", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591", "versionEndExcluding": "9.0.10", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE", "versionEndExcluding": "9.1.5", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3", "versionEndExcluding": "9.2.2", "versionStartIncluding": "9.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 9.2.2, 9.1.5 y 9.0.10 y en las versiones de Splunk Cloud Platform inferiores a 9.1.2312.200, un usuario con pocos privilegios que no tenga las funciones de administrador o poder de Splunk podr\u00eda crear notificaciones en los mensajes del bolet\u00edn web de Splunk. que reciben todos los usuarios de la instancia."}], "id": "CVE-2024-36989", "lastModified": "2024-11-21T09:22:59.027", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-01T17:15:07.380", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0709"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/4b7f368f-4322-47f8-8363-2c466f0b7030"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}