In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: Splunk
Published: 2024-01-22T20:37:42.546Z
Updated: 2025-06-17T14:24:05.909Z
Reserved: 2024-01-19T16:28:17.341Z
Link: CVE-2024-23676

Updated: 2024-08-01T23:06:25.352Z

Status : Modified
Published: 2024-01-22T21:15:10.530
Modified: 2024-11-21T08:58:09.070
Link: CVE-2024-23676

No data.