"Splunk Patches Vulnerabilities in Enterprise Product"

Splunk recently announced security patches for its Enterprise product, including vulnerabilities that have been assigned a high severity rating.

One of the flaws, CVE-2024-29946, impacts the Dashboard Examples Hub in the Splunk Dashboard Studio app and can be exploited to bypass protections for risky Search Processing Language (SPL) commands. Splunk noted that this could let attackers bypass SPL safeguards for risky commands with the permissions of a highly privileged user in the Hub. Splunk said the vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.

The second flaw, CVE-2024-29945, is related to the potential exposure of authentication tokens during the token validation process. Splunk noted that this exposure could happen when either Splunk Enterprise runs in debug mode, or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. The company says an attacker would need local access to log files or admin access to internal indexes to exploit the vulnerability.

Patches, mitigations, and workarounds are available for each of these vulnerabilities. Splunk has also patched several vulnerabilities introduced in Splunk Enterprise and Splunk Universal Forwarder by the use of third-party packages such as Curl, OpenSSL, Go, PyWin32, Apache Hive, and FasterXML’s Jackson.

 

SecurityWeek reports: "Splunk Patches Vulnerabilities in Enterprise Product"

Submitted by Adam Ekwall on