CVE-2024-45739
14.10.2024, 17:15
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.Enginsight
| Vendor | Product | Version |
|---|---|---|
| splunk | splunk | 9.1.0 ≤ 𝑥 < 9.1.6 |
| splunk | splunk | 9.2.0 ≤ 𝑥 < 9.2.3 |
| splunk | splunk | 9.3.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-532 - Insertion of Sensitive Information into Log FileInformation written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.