PT-2024-2450 · Splunk · Splunk Enterprise

Alex Napier · Published 2024-03-27 · Updated 2024-04-10 · CVE-2024-29945

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.2.1
Splunk Enterprise versions prior to 9.1.4
Splunk Enterprise versions prior to 9.0.9

Description

The issue is related to the exposure of authentication tokens in Splunk Enterprise. This exposure can occur when the software is run in debug mode or when the JsonWebToken component is configured to log its activity at the DEBUG logging level. A remote attacker could potentially exploit this to elevate their privileges.

Recommendations

For versions prior to 9.2.1, update to version 9.2.1 or later.
For versions prior to 9.1.4, update to version 9.1.4 or later.
For versions prior to 9.0.9, update to version 9.0.9 or later.

As a temporary workaround, consider disabling debug mode and configuring the JsonWebToken component to log at a level other than DEBUG to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2024-02405
CVE-2024-29945

Affected Products

Splunk Enterprise