PT-2026-24736 · Splunk · Splunk Cloud Platform+2
Alex Hordijk
·
Publicado
2026-03-11
·
Atualizado
2026-03-15
·
CVE-2026-20164
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.9, and 9.3.10
Splunk Cloud Platform versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123
Description
A user with limited privileges, lacking the 'admin' or 'power' Splunk roles, can access the
/splunkd/ raw/servicesNS/-/-/configs/conf-passwords API endpoint. This endpoint exposes hashed or plaintext password values stored in the passwords.conf configuration file due to insufficient access controls. This could lead to the unauthorized disclosure of sensitive credentials.Recommendations
Splunk Enterprise versions prior to 10.2.0, 10.0.3, 9.4.9, and 9.3.10 should be updated.
Splunk Cloud Platform versions prior to 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123 should be updated.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Splunk Cloud Platform
Splunk Enterprise
Splunk