Splunk · Splunk · CVE-2018-11409
**Name of the Vulnerable Software and Affected Versions**
Splunk versions prior to 7.0.1
**Description**
The issue allows information disclosure by appending "/api/v1/server/info/server-info?output_mode=json" to a query. This can be used to discover sensitive information, such as a license key.
**Recommendations**
For versions prior to 7.0.1, consider restricting access to the "/api/v1/server/info/server-info" endpoint to minimize the risk of exploitation. Avoid using the `output_mode` parameter with the value `json` in the affected API endpoint until the issue is resolved.
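
One way to check whether the endpoint named above is being requested, as an added example that is not part of the original advisory: it scans web access logs and normalizes each request path before matching. It assumes a common/combined access-log layout (for example from a reverse proxy in front of Splunk); the log lines and function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Endpoint path as given in the advisory text.
SENSITIVE_PATH = "/api/v1/server/info/server-info"

# Assumed layout: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2018:10:01:22 +0000] "GET /en-US/api/v1/server/info/server-info?output_mode=json HTTP/1.1" 200 2313',
    '203.0.113.7 - - [12/Jun/2018:10:01:25 +0000] "GET /en-US/api/v1/server/%69nfo//server-info?OUTPUT_MODE=JSON HTTP/1.1" 403 199',
    '198.51.100.20 - admin [12/Jun/2018:10:02:00 +0000] "GET /en-US/app/search/search HTTP/1.1" 200 5120',
    '192.0.2.15 - admin [12/Jun/2018:10:03:41 +0000] "GET /api/v1/server/info/server-info HTTP/1.1" 200 880',
]

def normalize_path(raw_path):
    """Percent-decode, collapse duplicate slashes and dot segments, lowercase."""
    return posixpath.normpath("/" + unquote(raw_path).lstrip("/")).lower()

def find_server_info_requests(lines):
    """Return one record per request whose path ends in the server-info endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log layout
        path, _, query = m["target"].partition("?")
        if not normalize_path(path).endswith(SENSITIVE_PATH):
            continue
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        modes = [v.lower() for v in params.get("output_mode", [])]
        hits.append({"ip": m["ip"], "status": int(m["status"]),
                     "authenticated": m["user"] != "-",
                     "json_output": "json" in modes})
    return hits

def unauthenticated_successes(hits):
    """Requests answered with 200 and no logged user: review these first."""
    return [h for h in hits if h["status"] == 200 and not h["authenticated"]]

if __name__ == "__main__":
    for hit in find_server_info_requests(SAMPLE_LOG):
        print(hit)
```

A 403 on a matching request indicates the access restriction is being applied; a 200 with no logged user is the case to investigate.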