Splunk Releases Security Updates

Security updates address vulnerabilities affecting Splunk Enterprise and Splunk Cloud


Threat details

Introduction

Splunk has released two security advisories that address two high severity vulnerabilities within Splunk Enterprise and Splunk Cloud. Splunk is a data analysis platform used for business and web analytics, application management, compliance, and security.

The first high-severity vulnerability, CVE-2024-29945 (CVSSv3 score 7.2), could cause Splunk Enterprise to expose authentication tokens during the token validation process. The exposure occurs when Splunk Enterprise is running in debug mode or when the JsonWebToken component logs its activity at the DEBUG logging level.

The second high-severity vulnerability, CVE-2024-29946 (CVSSv3 score 8.1), could allow attackers to bypass SPL safeguards for risky commands in the Dashboard Examples Hub.
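
As an added example (not from Splunk or from this alert), the Python sketch below audits Splunk logging configuration for the CVE-2024-29945 condition, the JsonWebToken component logging at DEBUG. It assumes the log.cfg / log-local.cfg line format shown in the constructed samples and that a component without its own entry inherits rootCategory; the function names are hypothetical.

```python
import re

# Constructed sample files (not from the advisory). Assumption: Splunk's
# log.cfg / log-local.cfg use "category.<Component>=<LEVEL>" lines and a
# "rootCategory=<LEVEL>,<appender>" line in the [splunkd] stanza.
SAMPLE_LOG_CFG = """\
[splunkd]
rootCategory=WARN,A1
category.JsonWebToken=INFO
category.TailingProcessor=INFO
"""
SAMPLE_LOG_LOCAL_CFG = """\
[splunkd]
# left over from a troubleshooting session
category.JsonWebToken = DEBUG
"""

LINE = re.compile(r"^\s*(rootCategory|category\.[\w.:-]+)\s*=\s*([A-Za-z]+)")

def splunkd_levels(cfg_text):
    """Return {key: LEVEL} for the [splunkd] stanza of one log config file."""
    levels, stanza = {}, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
            continue
        m = LINE.match(line)
        if stanza == "splunkd" and m:
            levels[m.group(1)] = m.group(2).upper()
    return levels

def jwt_debug_exposure(default_cfg, local_cfg=""):
    """Effective JsonWebToken level; the local file overrides the default."""
    merged = {**splunkd_levels(default_cfg), **splunkd_levels(local_cfg)}
    # Assumption: a component with no explicit entry inherits rootCategory.
    level = merged.get("category.JsonWebToken") or merged.get("rootCategory", "INFO")
    return {"effective_level": level, "at_risk": level == "DEBUG"}

if __name__ == "__main__":
    print(jwt_debug_exposure(SAMPLE_LOG_CFG, SAMPLE_LOG_LOCAL_CFG))
```

A host flagged as at risk should be treated as having possibly written tokens to its logs, so review the vendor advisory for log handling and token rotation guidance alongside patching.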


Remediation advice

Affected organisations are encouraged to review the following Splunk Security Advisories for more information.


Remediation steps

Type: Patch
Step: Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise | SVD-2024-0301
https://advisory.splunk.com//advisories/SVD-2024-0301

Type: Patch
Step: Risky command safeguards bypass in Dashboard Examples Hub | SVD-2024-0302
https://advisory.splunk.com//advisories/SVD-2024-0302

Definitive source of threat updates


Last edited: 28 March 2024 11:18 am