Sensitive Information Disclosure through SPL commands
Advisory ID: SVD-2024-1204
CVE ID: CVE-2024-53246
Published: 2024-12-10
Last Update: 2024-12-10
CVSSv3.1 Score: 5.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-319
Bug ID: VULN-20321
Description
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. Successful exploitation requires chaining another vulnerability, such as a Risky Commands Bypass.
The potential issue does not disclose indexed data or sensitive information concerning the default Splunk Enterprise instance.
Solution
To fix the problem, perform the following procedure on Splunk Enterprise:
1. Upgrade Splunk Enterprise to versions 9.3.2, 9.2.4, 9.1.7, or higher.
2. In the limits.conf configuration file, under the [storage_passwords_masking] stanza, add the line view_cleartext_spl_rest = false.
3. Restart the Splunk Enterprise instance.
For more information, see How to edit a configuration file and the limits.conf configuration specification file.
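The following script applies step 2 of the procedure idempotently and verifies the result. It is an added example, not Splunk-provided tooling or code from the advisory. It assumes Splunk Enterprise on Linux with SPLUNK_HOME set and the system-wide local configuration at $SPLUNK_HOME/etc/system/local/limits.conf; the function names are hypothetical, and the limits.conf content in the demo is constructed for illustration. The stanza and key names are the ones the advisory gives. The script handles the cases a practitioner hits in practice: the file does not exist, the stanza is missing, the key is missing, or the key is already present but set to true.

```shell
#!/bin/sh
# Added example (not Splunk tooling): enforce the advisory's limits.conf
# setting and check it. Assumes (not from the advisory) a Linux install with
# SPLUNK_HOME set and the local config at $SPLUNK_HOME/etc/system/local/limits.conf.

# ensure_masking_setting FILE
# Rewrites FILE so that [storage_passwords_masking] contains exactly one
# "view_cleartext_spl_rest = false" line. Creates the file or the stanza if
# absent, replaces an existing "= true", and drops duplicate key lines.
ensure_masking_setting() {
  conf="$1"
  [ -f "$conf" ] || : > "$conf"
  awk '
    # Stanza header: if we are leaving the target stanza without having
    # emitted the key, emit it first; then note whether the new stanza is it.
    /^\[/ {
      if (in_s && !done) { print "view_cleartext_spl_rest = false"; done = 1 }
      in_s = ($0 ~ /^\[storage_passwords_masking\][ \t]*$/)
    }
    # Inside the target stanza, rewrite any existing value to false.
    in_s && /^[ \t]*view_cleartext_spl_rest[ \t]*=/ {
      if (!done) { print "view_cleartext_spl_rest = false"; done = 1 }
      next
    }
    { print }
    END {
      # Target stanza was last in the file and had no key line.
      if (in_s && !done) { print "view_cleartext_spl_rest = false"; done = 1 }
      # Target stanza was absent: append it.
      if (!done) { print ""; print "[storage_passwords_masking]"; print "view_cleartext_spl_rest = false" }
    }
  ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# check_masking_setting FILE
# Exit status 0 only if FILE sets view_cleartext_spl_rest = false under
# [storage_passwords_masking].
check_masking_setting() {
  awk '
    /^\[/ { in_s = ($0 ~ /^\[storage_passwords_masking\][ \t]*$/) }
    in_s && /^[ \t]*view_cleartext_spl_rest[ \t]*=[ \t]*false[ \t]*$/ { found = 1 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# Demo on a constructed limits.conf (not a real Splunk file) in a temp dir:
# the weak setting (= true) is rewritten to the corrected one (= false).
demo_dir=$(mktemp -d)
demo_conf="$demo_dir/limits.conf"
printf '%s\n' '[search]' 'max_searches_per_cpu = 1' '' \
  '[storage_passwords_masking]' 'view_cleartext_spl_rest = true' > "$demo_conf"
ensure_masking_setting "$demo_conf"
check_masking_setting "$demo_conf" && echo "masking enforced in $demo_conf"
cat "$demo_conf"
rm -rf "$demo_dir"

# On a real instance (not run here) the same steps, followed by the
# advisory's step 3, are:
#   ensure_masking_setting "$SPLUNK_HOME/etc/system/local/limits.conf"
#   "$SPLUNK_HOME/bin/splunk" btool limits list storage_passwords_masking --debug
#   "$SPLUNK_HOME/bin/splunk" restart
```

The btool line shows the effective merged value and which file it comes from, which matters because an app-level limits.conf with a higher precedence could still override the system-wide setting; confirm that the winning line is the one you added before restarting.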
Splunk is actively monitoring and patching Splunk Cloud Platform instances.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 9.3 | Search | 9.3.0 to 9.3.1 | 9.3.2 |
Splunk Enterprise | 9.2 | Search | 9.2.0 to 9.2.3 | 9.2.4 |
Splunk Enterprise | 9.1 | Search | 9.1.0 to 9.1.6 | 9.1.7 |
Splunk Cloud Platform | 9.3.2408 | Search | Below 9.3.2408.101 | 9.3.2408.101 |
Splunk Cloud Platform | 9.2.2406 | Search | Below 9.2.2406.106 | 9.2.2406.106 |
Splunk Cloud Platform | 9.2.2403 | Search | Below 9.2.2403.111 | 9.2.2403.111 |
Splunk Cloud Platform | 9.1.2312 | Search | Below 9.1.2312.206 | 9.1.2312.206 |
Mitigations and Workarounds
None
Detections
None
Severity
Splunk rates this vulnerability a 5.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N. The rating might vary based on the information held in the secrets store.
If you do not use the functionality to store sensitive information, there should be no impact and the severity would be informational.