Splunk Patches Vulnerabilities in Enterprise Product

28-Mar-24

Splunk has patched two high-severity vulnerabilities in Splunk Enterprise, each covered by its own advisory. One of them, CVE-2024-29946, affects the Dashboard Examples Hub in the Splunk Dashboard Studio app and can be used to bypass safeguards for potentially harmful Search Processing Language (SPL) commands.


“The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser,” Splunk stated, adding that “this could let attackers bypass SPL safeguards for risky commands with the permissions of a highly-privileged user in the Hub.”


The second vulnerability, CVE-2024-29945, concerns the possible exposure of authentication tokens during the token validation process.


The company stated that to exploit the vulnerability, an attacker would require administrator access to internal indexes or local access to log files.


For each of these vulnerabilities, there are workarounds, mitigations, and patches available.


Additionally, Splunk has fixed a number of vulnerabilities introduced into Splunk Enterprise and Splunk Universal Forwarder by third-party packages such as Jackson from FasterXML, Curl, OpenSSL, Go, PyWin32, Apache Hive, and Swift.


The Universal Forwarder issues are classified as “low” or “informational” in severity, whereas the Enterprise issues include high- and medium-severity flaws.
