Splunk on Monday announced patches for multiple vulnerabilities in Splunk Enterprise, including a high-severity bug affecting Windows instances.
Tracked as CVE-2024-23678, the high-severity flaw is described as an issue related to incorrect sanitization of path input data resulting in “the unsafe deserialization of untrusted data from a separate disk partition on the machine”.
Deserialization of untrusted data is a class of vulnerability in which attacker-controlled serialized input is reconstructed into application objects; depending on the application, malformed data can be used to cause denial of service, abuse application logic, or execute arbitrary code.
CVE-2024-23678, Splunk notes in its advisory, only impacts Splunk Enterprise for Windows. The security defect was resolved in Splunk Enterprise versions 9.0.8 and 9.1.3.
The same releases resolve several other medium-severity vulnerabilities and multiple flaws in third-party packages used within the data monitoring and analysis solution.
The first of these exists because the Splunk app key value store (KV Store) improperly handles permissions for using the REST API, potentially leading to the deletion of KV Store collections.
Another issue allows a low-privileged user to view metrics without permissions, while the third impacts the Splunk RapidDiag utility, which discloses server responses to certain requests in a log file, potentially exposing sensitive information.
The patches for third-party packages resolve a total of ten vulnerabilities, including four rated ‘critical’ severity and four rated ‘high’.
Splunk recommends that all customers upgrade their Splunk Enterprise installations to version 9.0.8, 9.1.3, or higher. The company makes no mention of any of these security issues being exploited in malicious attacks.
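The upgrade guidance above, turned into a defender's inventory check. This is an added example, not Splunk's own code: it encodes the two fixed releases from the advisory, treats any branch newer than 9.1 as already fixed (an assumption, not a statement from the advisory), and flags CVE-2024-23678 exposure only for Windows hosts. Hostnames and versions in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (9, 0): (9, 0, 8),
    (9, 1): (9, 1, 3),
}

def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse 'major.minor.patch'; trailing dotted build components are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))

def is_patched(version: str) -> bool:
    """True if the version is at or above the fixed release for its branch.
    Assumption: branches newer than 9.1 carry the fixes. Anything older than
    9.0 has no fixed release in the advisory and is reported as unpatched."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised Splunk version string: {version!r}")
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v >= FIXED_BY_BRANCH[branch]
    return branch > (9, 1)

def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Flag unpatched hosts; CVE-2024-23678 applies only to Windows instances."""
    findings = []
    for host in inventory:
        patched = is_patched(host["version"])
        findings.append({
            "host": host["host"],
            "patched": patched,
            "cve_2024_23678_exposed": (not patched) and host["os"].lower().startswith("win"),
        })
    return findings

# Constructed sample inventory (hypothetical hosts, not taken from the advisory).
SAMPLE_INVENTORY = [
    {"host": "idx-win-01", "version": "9.0.7", "os": "Windows"},
    {"host": "sh-lin-01", "version": "9.0.7", "os": "Linux"},
    {"host": "idx-win-02", "version": "9.1.3", "os": "Windows"},
    {"host": "hf-lin-02", "version": "9.1.2.1", "os": "Linux"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```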
Additional information on the resolved vulnerabilities can be found on Splunk’s security advisories page.