In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-1204 |
History
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. | |
Title | Sensitive Information Disclosure through SPL commands | |
Weaknesses | CWE-319 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-12-10T18:01:16.803Z
Updated: 2024-12-10T21:13:47.167Z
Reserved: 2024-11-19T18:30:28.773Z
Link: CVE-2024-53246
Vulnrichment
Updated: 2024-12-10T20:40:38.626Z
NVD
Status : Received
Published: 2024-12-10T18:15:41.553
Modified: 2024-12-10T18:15:41.553
Link: CVE-2024-53246
Redhat
No data.