CVE-2024-53244: 
Splunk Enterprise vulnerability analysis and mitigation

CVE-2024-53244 is a security vulnerability discovered in Splunk Enterprise and Splunk Cloud Platform, disclosed on December 10, 2024. The vulnerability affects Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206. This vulnerability allows low-privileged users without admin or power roles to bypass SPL safeguards for risky commands (Splunk Advisory).

The vulnerability exists in the '/en-US/app/search/report' endpoint through the 's' parameter, where a low-privileged user can run a saved search with risky commands using the permissions of a higher-privileged user. The vulnerability has been assigned a CVSSv3.1 score of 5.7 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and requiring user interaction (NVD, Splunk Advisory).

The vulnerability can lead to unauthorized access to sensitive information through the execution of risky commands with elevated privileges. The impact is primarily focused on confidentiality, with no direct impact on integrity or availability of the system (Splunk Advisory).

The primary mitigation is to upgrade Splunk Enterprise to versions 9.1.7, 9.2.4, 9.3.2, or higher. For Splunk Cloud Platform, Splunk is actively monitoring and patching instances. As a workaround, organizations can disable Splunk Web, as the vulnerability only affects instances with Splunk Web enabled (Splunk Advisory).