Impact
An inadequate access‑control check on the Saved‑Search ownership reassignment endpoint allows a user with the edit_saved_search_owner capability to change ownership to any other user, including those outside the user’s authorized role. This flaw is classified as CWE‑284 and effectively permits a high‑privilege actor to elevate privileges or grant elevated privileges to others, potentially compromising data access and administrative functions.
Affected Systems
Splunk Enterprise versions earlier than 10.2.4 and 10.0.7 are vulnerable, as are Splunk Cloud Platform versions earlier than 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131.
Risk and Exploitability
The CVSS v3.1 score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be an insider or compromised privileged account; a user already possessing edit_saved_search_owner can reassign search ownership without further authorization checks, thereby achieving privilege escalation or unauthorized access to data.
OpenCVE Enrichment