CVE-2024-45739 – Sensitive information disclosure in AdminManager logging channel
https://notcve.org/view.php?id=CVE-2024-45739
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1009 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-45738 – Sensitive information disclosure in REST_Calls logging channel
https://notcve.org/view.php?id=CVE-2024-45738
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. • https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-45737 – Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-45737
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). • https://advisory.splunk.com/advisories/SVD-2024-1007 https://research.splunk.com/application/34bac267-a89b-4bd7-a072-a48eef1f15b8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-45733 – Remote Code Execution (RCE) due to insecure session storage configuration in Splunk Enterprise on Windows
https://notcve.org/view.php?id=CVE-2024-45733
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an insecure session storage configuration. • https://advisory.splunk.com/advisories/SVD-2024-1003 https://research.splunk.com/application/c97e0704-d9c6-454d-89ba-1510a987bf72 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-45732 – Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app
https://notcve.org/view.php?id=CVE-2024-45732
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk user in the SplunkDeploymentServerConfig app. This could let the low-privileged user access potentially restricted data. • https://advisory.splunk.com/advisories/SVD-2024-1002 https://research.splunk.com/application/f765c3fe-c3b6-4afe-a932-11dd4f3a024f • CWE-862: Missing Authorization •