Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
CVE-2024-29945

7.2 HIGH

Key Information:

Vendor: Splunk
CVE Published: 27 March 2024

Summary

In the affected versions of Splunk Enterprise, authentication tokens can be exposed during the token validation process. The exposure occurs when Splunk Enterprise runs in debug mode or when the JsonWebToken component is configured to log at the DEBUG level. In that logging configuration, sensitive authentication tokens can inadvertently become accessible, which poses a significant risk to user security. Organizations running affected versions should review their logging configuration and apply the mitigations outlined in the underlying advisories to protect sensitive data from unauthorized access.
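A configuration check for the condition described above, as an added example that is not part of the original advisory or Splunk's own tooling. It assumes Splunk's logging configuration files ($SPLUNK_HOME/etc/log.cfg and its override log-local.cfg) use `rootCategory=LEVEL,appender` and `category.<Component>=LEVEL` lines under a `[splunkd]` stanza; the function names and sample file contents are constructed for illustration.

```python
import re

# Assumption: log.cfg syntax is "rootCategory=LEVEL,appender" and
# "category.<Component>=LEVEL[,appender]" inside the [splunkd] stanza.
LINE = re.compile(r"^\s*(rootCategory|category\.([\w:.-]+))\s*=\s*([A-Za-z]+)")

def parse_levels(cfg_text):
    """Return {'root': LEVEL, '<component>': LEVEL} read from the [splunkd] stanza."""
    levels, stanza = {}, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1]
            continue
        m = LINE.match(line)
        if m and stanza == "splunkd":
            levels[m.group(2) or "root"] = m.group(3).upper()
    return levels

def jwt_debug_exposure(default_cfg, local_cfg=""):
    """Return (effective JsonWebToken level, exposed?).

    Assumed precedence: log-local.cfg overrides log.cfg, and an explicit
    category.JsonWebToken line overrides rootCategory.
    """
    merged = parse_levels(default_cfg)
    merged.update(parse_levels(local_cfg))
    effective = merged.get("JsonWebToken", merged.get("root"))
    return effective, effective == "DEBUG"

# Constructed sample files (not taken from a real deployment).
DEFAULT_CFG = "[splunkd]\nrootCategory=WARN,A1\ncategory.JsonWebToken=INFO\n"
LOCAL_CFG = ("[splunkd]\n"
             "# override left behind after troubleshooting\n"
             "category.JsonWebToken=DEBUG\n")

if __name__ == "__main__":
    level, exposed = jwt_debug_exposure(DEFAULT_CFG, LOCAL_CFG)
    print(f"JsonWebToken effective level: {level}; token logging risk: {exposed}")
```

A True result only reflects the current configuration; log files written while the DEBUG level was active still need to be reviewed separately.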

Affected Version(s)

Splunk Enterprise 9.2 < 9.2.1

Splunk Enterprise 9.1 < 9.1.4

Splunk Enterprise 9.0 < 9.0.9

News Articles

Multiple Splunk Vulnerabilities Attackers Bypass SPL Safeguards : Patch Now

Splunk Inc. has disclosed two significant vulnerabilities within its software suite, posing a considerable risk to organizations utilizing Splunk Enterprise and Splunk Cloud Platform.

10 months ago

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by CybersecurityNews
  • Vulnerability published

Credit

Alex Napier, Splunk