CVE-2024-45739

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2024-1009	Vendor Advisory
https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:9.3.1::::enterprise:::

History

17 Oct 2024, 13:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:splunk:::::enterprise:::* cpe:2.3:a:splunk:splunk:9.3.1::::enterprise:::
CWE		CWE-532
References	~~() https://advisory.splunk.com/advisories/SVD-2024-1009 -~~	() https://advisory.splunk.com/advisories/SVD-2024-1009 - Vendor Advisory
References	~~() https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/ -~~	() https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/ - Vendor Advisory
First Time		Splunk splunk Splunk

15 Oct 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6, el software puede exponer las contraseñas de texto plano de los usuarios de Splunk con autenticación nativa local. Esta exposición podría ocurrir cuando configura el canal de registro de Splunk Enterprise AdminManager en el nivel de registro DEBUG.

14 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-14 17:15

Updated : 2024-10-17 13:16

NVD link : CVE-2024-45739

Mitre link : CVE-2024-45739

CVE.ORG link : CVE-2024-45739

JSON object : View

Products Affected

splunk

splunk

CWE

CWE-532

Insertion of Sensitive Information into Log File

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-45739", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-10-14T17:15:12.860", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-1009", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6, el software puede exponer las contrase\u00f1as de texto plano de los usuarios de Splunk con autenticaci\u00f3n nativa local. Esta exposici\u00f3n podr\u00eda ocurrir cuando configura el canal de registro de Splunk Enterprise AdminManager en el nivel de registro DEBUG."}], "lastModified": "2024-10-17T13:16:36.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", "versionEndExcluding": "9.1.6", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "14D07F5E-504B-447B-988B-BF6ADA59F8D1", "versionEndExcluding": "9.2.3", "versionStartIncluding": "9.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:9.3.1:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "ABC6D150-A6A1-4319-9084-B9C683D11200"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}