Description
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: None
Affected products
- Splunk / Splunk Cloud 9.0.2208
- Splunk / Splunk Enterprise 9.0 – 9.0.8
References
- VENDOR_ADVISORY: https://advisory.splunk.com/advisories/SVD-2024-0107