In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Splunk
Splunk splunk |
|
Weaknesses | CWE-532 | |
CPEs | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk:9.3.1:*:*:*:enterprise:*:*:* |
|
Vendors & Products |
Splunk
Splunk splunk |
Mon, 14 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 14 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | |
Title | Sensitive information disclosure in AdminManager logging channel | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-10-14T17:03:38.949Z
Updated: 2024-12-10T18:01:38.588Z
Reserved: 2024-09-05T21:35:21.291Z
Link: CVE-2024-45739
Vulnrichment
Updated: 2024-10-14T19:19:14.317Z
NVD
Status : Analyzed
Published: 2024-10-14T17:15:12.860
Modified: 2024-10-17T13:16:36.440
Link: CVE-2024-45739
Redhat
No data.