Splunk Enterprise for Windows Incorrect Permission Assignment Vulnerability

A vulnerability exists in Splunk Enterprise for Windows in versions prior to 10.0.2, as well as 9.4.6, 9.3.8, and 9.2.10. During new installations or upgrades to these affected versions, incorrect permissions can be assigned in the Splunk installation directory. This misconfiguration allows non-administrator users to access the directory and its contents.

Impact

The vulnerability allows non-administrator users to access the Splunk installation directory and all its contents, potentially leading to unauthorized access to sensitive information or configuration files.

Remediation

Users can upgrade Splunk Enterprise for Windows to versions 10.0.2, 9.4.6, 9.3.8, 9.2.10, or higher. If an upgrade is not possible, the vulnerability can be mitigated by adjusting the directory permissions using the 'icacls' command to remove access for certain user groups and restore the correct inheritance.