
THREATINT
PUBLISHED

CVE-2024-53246

Sensitive Information Disclosure through SPL commands



Description

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation.

Reserved 2024-11-19 | Published 2024-12-10 | Updated 2025-01-15 | Assigner Splunk


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Product status

9.3 before 9.3.2: affected
9.2 before 9.2.4: affected
9.1 before 9.1.7: affected
9.3.2408 before 9.3.2408.101: affected
9.2.2406 before 9.2.2406.106: affected
9.2.2403 before 9.2.2403.111: affected
9.1.2312 before 9.1.2312.206: affected

References

advisory.splunk.com/advisories/SVD-2024-1204

cve.org (CVE-2024-53246)

nvd.nist.gov (CVE-2024-53246)
