CVE-2025-20230
Published: Mar 26, 2025
Modified: Mar 27, 2025
CVSS v3.1
4.3
Description
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.
| Vendor | Product | Versions |
|---|---|---|
Splunk | Splunk Enterprise | affected 9.4 - < 9.4.1affected 9.3 - < 9.3.3affected 9.2 - < 9.2.5affected 9.1 - < 9.1.8 |
Splunk | Splunk Secure Gateway | affected 3.8 - < 3.8.38affected 3.7 - < 3.7.23 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now