OpenCVE

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Splunk	Splunk

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:9.3.0::::enterprise:::

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2024-1008
https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/

History

Thu, 17 Oct 2024 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Splunk Splunk splunk
Weaknesses		CWE-532
CPEs		cpe:2.3:a:splunk:splunk:::::enterprise:::* cpe:2.3:a:splunk:splunk:9.3.0::::enterprise:::
Vendors & Products		Splunk Splunk splunk

Mon, 14 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 14 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
Description		In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.
Title		Sensitive information disclosure in REST_Calls logging channel
Weaknesses		CWE-200
References		https://advisory.splunk.com/advisories/SVD-2024-1008 https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-10-14T17:03:38.142Z

Updated: 2024-10-30T15:06:37.126Z

Reserved: 2024-09-05T21:35:21.290Z

Link: CVE-2024-45738

Vulnrichment

Updated: 2024-10-14T19:23:51.796Z

NVD

Status : Analyzed

Published: 2024-10-14T17:15:12.660

Modified: 2024-10-17T13:17:37.723

Link: CVE-2024-45738

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45738", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2024-09-05T21:35:21.290Z", "datePublished": "2024-10-14T17:03:38.142Z", "dateUpdated": "2024-10-30T15:06:37.126Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.1"}, {"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.3"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.6"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level."}], "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-1008"}, {"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/"}], "title": "Sensitive information disclosure in REST_Calls logging channel", "datePublic": "2024-10-14T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.", "cweId": "CWE-200"}]}], "source": {"advisory": "SVD-2024-1008"}, "credits": [{"lang": "en", "value": "Eric McGinnis, Splunk"}, {"lang": "en", "value": "Rod Soto, Splunk"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-10-30T15:06:37.126Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-14T19:23:47.032004Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T05:39:00.414Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45738", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-14T19:23:47.032004Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-14T19:23:51.796Z"}}], "cna": {"title": "Sensitive information disclosure in REST_Calls logging channel", "source": {"advisory": "SVD-2024-1008"}, "credits": [{"lang": "en", "value": "Eric McGinnis, Splunk"}, {"lang": "en", "value": "Rod Soto, Splunk"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Enterprise", "versions": [{"status": "affected", "version": "9.3", "lessThan": "9.3.1", "versionType": "custom"}, {"status": "affected", "version": "9.2", "lessThan": "9.2.3", "versionType": "custom"}, {"status": "affected", "version": "9.1", "lessThan": "9.1.6", "versionType": "custom"}]}], "datePublic": "2024-10-14T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-1008"}, {"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/"}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-200", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-10-15T19:11:05.083Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45738", "state": "PUBLISHED", "dateUpdated": "2024-10-17T05:39:00.414Z", "dateReserved": "2024-09-05T21:35:21.290Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-10-14T17:03:38.142Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2", "versionEndExcluding": "9.1.6", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "14D07F5E-504B-447B-988B-BF6ADA59F8D1", "versionEndExcluding": "9.2.3", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:9.3.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "11F038B4-1335-4F4E-9013-E6D6152DCD20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6, el software puede exponer par\u00e1metros HTTP confidenciales al \u00edndice `_internal`. Esta exposici\u00f3n podr\u00eda ocurrir si configura el canal de registro `REST_Calls` de Splunk Enterprise en el nivel de registro DEBUG."}], "id": "CVE-2024-45738", "lastModified": "2024-10-17T13:17:37.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2024-10-14T17:15:12.660", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-1008"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}