In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.
History

Tue, 15 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'No', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-03-27T16:16:00.974Z

Updated: 2024-12-10T18:00:51.249Z

Reserved: 2024-03-21T21:09:44.795Z

Link: CVE-2024-29945

cve-icon Vulnrichment

Updated: 2024-08-02T01:17:58.535Z

cve-icon NVD

Status : Modified

Published: 2024-03-27T17:15:54.087

Modified: 2024-11-21T09:08:40.310

Link: CVE-2024-29945

cve-icon Redhat

No data.