In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
History

Tue, 10 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.
Title Sensitive Information Disclosure through SPL commands
Weaknesses CWE-319
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-12-10T18:01:16.803Z

Updated: 2024-12-10T21:13:47.167Z

Reserved: 2024-11-19T18:30:28.773Z

Link: CVE-2024-53246

Vulnrichment

Updated: 2024-12-10T20:40:38.626Z

NVD

Status: Received

Published: 2024-12-10T18:15:41.553

Modified: 2024-12-10T18:15:41.553

Link: CVE-2024-53246

Redhat

No data.