In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
History

Thu, 17 Oct 2024 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Splunk
Splunk splunk
Weaknesses CWE-532
CPEs cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk:9.3.1:*:*:*:enterprise:*:*:*
Vendors & Products Splunk
Splunk splunk

Mon, 14 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 14 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
Title Sensitive information disclosure in AdminManager logging channel
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-10-14T17:03:38.949Z

Updated: 2024-12-10T18:01:38.588Z

Reserved: 2024-09-05T21:35:21.291Z

Link: CVE-2024-45739

cve-icon Vulnrichment

Updated: 2024-10-14T19:19:14.317Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-14T17:15:12.860

Modified: 2024-10-17T13:16:36.440

Link: CVE-2024-45739

cve-icon Redhat

No data.