CVE-2024-23676

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-20
View all →

Vulnerability Description

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

Related Vulnerabilities

CVE-2016-1763

LOW
CVSS:3.5(Low)

Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a...

CWE-202016

CVE-2016-8535

LOW
CVSS:3.5(Low)

A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.

CWE-202016

CVE-2016-8651

LOW
CVSS:3.5(Low)

An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access t...

CWE-202016

CVE-2017-7517

LOW
CVSS:3.5(Low)

An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject...

CWE-202017

CVE-2019-4271

LOW
CVSS:3.5(Low)

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.

CWE-202019

CVE-2019-5461

LOW
CVSS:3.5(Low)

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This ...

CWE-202019