SPL Oversights: Update Now to Thwart Cyber Attacks

1 min read

TLDR: Multiple Splunk Vulnerabilities Attackers Bypass SPL Safeguards

Key Points:

  • Splunk Inc. has disclosed two significant vulnerabilities within its software suite – CVE-2024-29945 and CVE-2024-29946
  • The vulnerabilities could allow attackers to expose authentication tokens and bypass safeguards for risky commands, posing a considerable risk to organizations using Splunk

Splunk Inc. has identified two critical vulnerabilities in its software suite, affecting Splunk Enterprise and Splunk Cloud Platform. The first vulnerability, CVE-2024-29945, exposes authentication tokens when Splunk Enterprise is running in debug mode or the JsonWebToken component is configured to log at the debug level. This could lead to unauthorized access to sensitive data. The second vulnerability, CVE-2024-29946, impacts the Dashboard Examples Hub of the Splunk Dashboard Studio app, allowing attackers to bypass safeguards for risky SPL commands.

To address these vulnerabilities, Splunk has released patches for affected versions and provided mitigation strategies. Users are advised to apply the patches, turn off debug mode, rotate authentication tokens, and upgrade to fixed versions. Splunk has also recommended disabling or deleting the Dashboard Examples Hub app if not in use. These vulnerabilities underscore the importance of keeping software up-to-date and following best security practices to protect data and infrastructure from potential threats.

Previous Story

Boost shareholder returns with advanced cybersecurity strategies

Next Story

17 billion records exposed, Hot Topic attacks, Treasury warning in place

Latest from News