Impact
The PostgreSQL sidecar service endpoint lacks authentication, which allows a remote, unauthenticated user to create or truncate any file on the system. Because no credentials are required, the vulnerability can be exploited by any user who can reach the service over the network. This weakness is a missing authentication control (CWE-306).
Affected Systems
Splunk Enterprise versions newer than 9.4 but older than 10.2.4 and 10.0.7 are affected. Versions 9.4 and earlier are not affected.
Risk and Exploitability
The CVSS score of 9.8 reflects the high impact and ease of exploitation. The EPSS score is 88%, indicating a high likelihood of exploitation, and because the endpoint has no authentication controls, the attacker does not need any additional credentials or privileges. The vulnerability is listed in the CISA KEV catalog, underscoring that it has been actively exploited; its severity combined with the lack of authentication makes it a critical concern. Attackers with network reach to the sidecar endpoint can immediately exploit this issue to create or truncate files on the host.
OpenCVE Enrichment