CVE-2024-29945: Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise
First published: Wed Mar 27 2024(Updated: )
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure happens when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level.
Credit: prodsec@splunk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk Splunk | >=9.0.0<9.0.9 | |
| Splunk Splunk | >=9.1.0<9.1.4 | |
| Splunk Splunk | >=9.2.0<9.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/splunk
- canonical/splunk splunk
- version/splunk splunk/9.0.0
- version/splunk splunk/9.1.0
- version/splunk splunk/9.2.0