PT-2018-10552 · Splunk · Splunk

Kof2002

Publicado

2018-06-08

Atualizado

2018-07-31

CVE-2018-11409

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Splunk versions prior to 7.0.1

Description The issue allows information disclosure by appending "/api/v1/server/info/server-info?output mode=json" to a query. This can be used to discover sensitive information, such as a license key.

Recommendations For versions prior to 7.0.1, consider restricting access to the "/api/v1/server/info/server-info" endpoint to minimize the risk of exploitation. Avoid using the output mode parameter with the value json in the affected API endpoint until the issue is resolved.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-11409

Produtos afetados

Splunk

PT-2018-10552 · Splunk · Splunk

CVE-2018-11409

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6