Sensitive Information Disclosure through SPL commands

Advisory ID: SVD-2024-1204

CVE ID: CVE-2024-53246

Published: 2024-12-10

Last Update: 2024-12-10

CVSSv3.1 Score: 5.3, Medium

CWE: CWE-319

Bug ID: VULN-20321

Description

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.


The potential issue does not disclose indexed data or sensitive information concerning the default Splunk Enterprise instance.

Solution

To fix the problem, perform the following procedure on Splunk Enterprise:
1. Upgrade Splunk Enterprise to versions 9.3.2, 9.2.4, 9.1.7, or higher.
2. In the limits.conf configuration file, under the [storage_passwords_masking] stanza, add a line view_cleartext_spl_rest = false.
3. Restart the Splunk Enterprise instance.

For more information, see How to edit a configuration file and the limits.conf configuration specification file.
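The two conditions in the procedure above (fixed version, masking setting present and false) can be checked together. The following is an added example, not Splunk's own code: the function names and the sample limits.conf text are constructed for illustration, it covers Splunk Enterprise version strings only, and it treats release lines older than 9.1 as unfixed, which is an assumption.

```python
import re

# Fix versions per release line, from the advisory's Product Status table.
FIXED = {(9, 3): (9, 3, 2), (9, 2): (9, 2, 4), (9, 1): (9, 1, 7)}

def version_is_fixed(version):
    """True if a Splunk Enterprise version is at or above the fix for its line."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    fix = FIXED.get(parts[:2])
    if fix is None:
        # Assumption: lines newer than 9.3 count as "or higher"; older ones do not.
        return parts[:2] > (9, 3)
    return parts >= fix

def read_setting(conf_text, stanza, key):
    """Return the last value of key inside [stanza] in this text, or None."""
    current, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.*)\]", line)
        if m:
            current = m.group(1)
        elif current == stanza and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k == key:
                value = v
    return value

def remediation_status(version, limits_conf_text):
    """Return a list of outstanding findings; an empty list means both steps are done."""
    value = read_setting(limits_conf_text, "storage_passwords_masking",
                         "view_cleartext_spl_rest")
    findings = []
    if not version_is_fixed(version):
        findings.append("upgrade required")
    if value is None:
        findings.append("view_cleartext_spl_rest not set")
    elif value.lower() != "false":  # the advisory specifies the literal value false
        findings.append("view_cleartext_spl_rest is %s" % value)
    return findings

SAMPLE_LIMITS = """\
# constructed sample: the key under the wrong stanza must not count
[search]
view_cleartext_spl_rest = true
[storage_passwords_masking]
view_cleartext_spl_rest = false
"""
```

The check only sees the text it is given, so pass it the effective merged settings (for example the output of splunk btool limits list storage_passwords_masking) rather than a single limits.conf file.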

Splunk is actively monitoring and patching Splunk Cloud Platform instances.

Product Status

Product | Version | Component | Affected Version | Fix Version
Splunk Enterprise | 9.3 | Search | 9.3.0 to 9.3.1 | 9.3.2
Splunk Enterprise | 9.2 | Search | 9.2.0 to 9.2.3 | 9.2.4
Splunk Enterprise | 9.1 | Search | 9.1.0 to 9.1.6 | 9.1.7
Splunk Cloud Platform | 9.3.2408 | Search | Below 9.3.2408.101 | 9.3.2408.101
Splunk Cloud Platform | 9.2.2406 | Search | Below 9.2.2406.106 | 9.2.2406.106
Splunk Cloud Platform | 9.2.2403 | Search | Below 9.2.2403.111 | 9.2.2403.111
Splunk Cloud Platform | 9.1.2312 | Search | Below 9.1.2312.206 | 9.1.2312.206

Mitigations and Workarounds

None

Detections

None

Severity

Splunk rates this vulnerability a 5.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N. The potential rating might vary based on the information that appears in the secrets store.

If you do not use the functionality to store sensitive information, there should be no impact and the severity would be informational.