TLDR: Multiple Splunk Vulnerabilities Let Attackers Bypass SPL Safeguards
Key Points:
- Splunk Inc. has disclosed two significant vulnerabilities within its software suite – CVE-2024-29945 and CVE-2024-29946
- The vulnerabilities could allow attackers to expose authentication tokens and bypass safeguards for risky commands, posing a considerable risk to organizations using Splunk
Splunk Inc. has identified two critical vulnerabilities in its software suite, affecting Splunk Enterprise and Splunk Cloud Platform. The first vulnerability, CVE-2024-29945, exposes authentication tokens when Splunk Enterprise is running in debug mode or the JsonWebToken component is configured to log at the debug level. This could lead to unauthorized access to sensitive data. The second vulnerability, CVE-2024-29946, impacts the Dashboard Examples Hub of the Splunk Dashboard Studio app, allowing attackers to bypass safeguards for risky SPL commands.
To address these vulnerabilities, Splunk has released patches for affected versions and provided mitigation strategies. Users are advised to apply the patches, turn off debug mode, rotate authentication tokens, and upgrade to fixed versions. Splunk has also recommended disabling or deleting the Dashboard Examples Hub app if not in use. These vulnerabilities underscore the importance of keeping software up to date and following best security practices to protect data and infrastructure from potential threats.
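To scope the token rotation advised for CVE-2024-29945, a defender can sweep log files for JWT-shaped strings and list which identities had tokens written out. The following is an added example, not Splunk's code or tooling: the log line format, the `sub`/`exp` claim names and the sample tokens are assumptions constructed for illustration, and findings carry only a hash fingerprint so the report does not re-expose the tokens.

```python
import base64, hashlib, json, re

# JWT shape: three base64url segments; header and payload start "eyJ" ('{"').
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _decode(segment):
    """Decode one base64url segment to a dict; None if it is not a JSON object."""
    try:
        obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def find_logged_tokens(lines):
    """Return one finding per distinct JWT seen in the lines, never the token itself."""
    found = {}
    for lineno, line in enumerate(lines, 1):
        for token in JWT_RE.findall(line):
            head, body, _sig = token.split(".")
            header, claims = _decode(head), _decode(body)
            if not header or claims is None or "alg" not in header:
                continue  # JWT-shaped string that does not decode as one
            fp = hashlib.sha256(token.encode()).hexdigest()[:12]
            entry = found.setdefault(fp, {
                "fingerprint": fp, "sub": claims.get("sub"),
                "exp": claims.get("exp"), "first_line": lineno, "count": 0})
            entry["count"] += 1
    return sorted(found.values(), key=lambda e: e["first_line"])

def _sample_token(claims):
    """Build a constructed token (placeholder signature) for the sample log."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS512", "typ": "JWT"}), enc(claims), "c2FtcGxl"])

# Constructed log lines; the layout is illustrative, not Splunk's actual log format.
TOKEN_A = _sample_token({"sub": "alice", "exp": 1735689600})
TOKEN_B = _sample_token({"sub": "svc-backup", "exp": 1735689600})
SAMPLE_LOG = [
    "03-27-2024 10:00:01 INFO  Server - startup complete",
    f"03-27-2024 10:00:05 DEBUG JsonWebToken - validating token={TOKEN_A}",
    f"03-27-2024 10:00:09 DEBUG JsonWebToken - validating token={TOKEN_A}",
    "03-27-2024 10:00:11 DEBUG Misc - blob eyJxxx.eyJyyy.zzz ignored",
    f"03-27-2024 10:00:14 DEBUG JsonWebToken - validating token={TOKEN_B}",
]

if __name__ == "__main__":
    for finding in find_logged_tokens(SAMPLE_LOG):
        print(finding)
```

Each finding whose `exp` is still in the future identifies a token to rotate; the affected log files themselves also need access review, since they hold the raw values.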