Splunk Enterprise Windows Path Injection Leading to Unsafe Deserialization (CVE-2024-23678)

### Critical Vulnerability Information - **Advisory ID**: SVD-2024-0108 - **CVE ID**: CVE-2024-23678 - **Published**: 2024-01-22 - **Last Update**: 2024-01-30 - **CVSSv3.1 Score**: 7.5, High - **CWE**: CWE-20 - **Bug ID**: SPL-240674 #### Description In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows. #### Solution Upgrade Splunk Enterprise for Windows to 9.0.8, 9.1.3, or higher. #### Product Status | Product | Base Version | Component | Affected Version | Fix Version | |--------------------|--------------|---------------|-------------------|-------------| | Splunk Enterprise | 9.0 | Splunk Web | 9.0.0 to 9.0.7 | 9.0.8 | | Splunk Enterprise | 9.1 | Splunk Web | 9.1.0 to 9.1.2 | 9.1.3 | #### Mitigations and Workarounds If users do not log in to Splunk Web on instances in a distributed environment, disable Splunk Web on those instances. #### Severity Splunk rates this vulnerability a 7.5, High, with a CVSSv3.1 vector of CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H. If you do not run Splunk Enterprise on a Windows machine, then there is no impact and the severity is Informational.

Goal Reached Thanks to every supporter — we hit 100%!

Splunk Enterprise Windows Path Injection Leading to Unsafe Deserialization (CVE-2024-23678)