Splunk Improper Access Control Vulnerability in Secure Gateway App via Push Notifications
Vulnerability
A vulnerability exists in Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, as well as in Splunk Secure Gateway app versions prior to 3.9.10, 3.8.58, and 3.7.28 on Splunk Cloud Platform. Low-privileged users without 'admin' or 'power' roles, who subscribe to mobile push notifications, may receive alerts containing titles and descriptions of reports or alerts they do not have permission to view.
Impact
Exploitation of this vulnerability could lead to unauthorized disclosure of report and alert information through push notifications, bypassing access controls.
Remediation
Users can upgrade Splunk Enterprise to versions 10.0.2, 9.4.6, 9.3.8, 9.2.10 or higher. For Splunk Cloud Platform, instances are actively monitored and patched. As an alternative, the Splunk Secure Gateway App can be disabled, although this may affect Splunk Mobile, Spacebridge, and Mission Control functionalities.
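A version check against the fixed releases listed above, as an added example (not Splunk's or this page's own code). It compares version components as integers within each release line. The inventory rows are constructed, and the `unlisted` result for release lines the advisory does not name is an assumption of this example.

```python
import re

# Fixed releases per release line, taken from the advisory text above.
FIXED = {
    "enterprise": {(10, 0): (10, 0, 2), (9, 4): (9, 4, 6),
                   (9, 3): (9, 3, 8), (9, 2): (9, 2, 10)},
    "secure_gateway": {(3, 9): (3, 9, 10), (3, 8): (3, 8, 58), (3, 7): (3, 7, 28)},
}


def parse_version(text):
    """Parse the leading 'X.Y.Z' of a version string into a tuple of ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not an X.Y.Z version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version, fixed_by_line):
    """Return 'fixed', 'affected' or 'unlisted' for one version string."""
    v = parse_version(version)
    fixed = fixed_by_line.get(v[:2])
    if fixed is not None:
        # Integer tuples, so 9.2.9 < 9.2.10 and 3.8.6 < 3.8.58; comparing
        # the raw strings would get both of these wrong.
        return "fixed" if v >= fixed else "affected"
    if v[:2] > max(fixed_by_line):
        return "fixed"    # newer line than any listed one ("or higher")
    return "unlisted"     # assumption: no fix named for this line, review manually


def needs_action(inventory):
    """Return (host, component, version, status) rows that are not 'fixed'."""
    return [(host, comp, ver, status) for host, comp, ver in inventory
            if (status := assess(ver, FIXED[comp])) != "fixed"]


# Constructed inventory: (host, component, installed version).
SAMPLE_INVENTORY = [
    ("sh-01", "enterprise", "9.2.9"),
    ("sh-02", "enterprise", "9.4.6"),
    ("sh-03", "enterprise", "10.0.1"),
    ("hf-01", "enterprise", "9.1.5"),
    ("stack-a", "secure_gateway", "3.8.6"),
    ("stack-b", "secure_gateway", "3.9.10"),
]

if __name__ == "__main__":
    for row in needs_action(SAMPLE_INVENTORY):
        print(*row)
```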
