Splunk Patches Vulnerabilities in Enterprise Product

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

Splunk on Wednesday announced security patches for its Enterprise product, including for vulnerabilities that have been assigned a ‘high severity’ rating. 

Individual advisories have been published for two high-severity vulnerabilities patched in Splunk Enterprise. One of them, CVE-2024-29946, impacts the Dashboard Examples Hub in the Splunk Dashboard Studio app and can be exploited to bypass protections for risky Search Processing Language (SPL) commands.

“This could let attackers bypass SPL safeguards for risky commands with the permissions of a highly-privileged user in the Hub,” Splunk said, adding that “the vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.”

The second flaw, CVE-2024-29945, is related to the potential exposure of authentication tokens during the token validation process. 

“This exposure could happen when either Splunk Enterprise runs in debug mode or the JsonWebToken component has been configured to log its activity at the DEBUG logging level. Normally, Splunk Enterprise runs with debug mode and token authentication turned off, as well as the JsonWebToken process configured at the INFO logging level,” Splunk explained.

The company noted that an attacker would need local access to log files or admin access to internal indexes to exploit the vulnerability. 
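A defender-side check for the exposure described above, as an added example that is not from Splunk or the original article: it flags a logging configuration that sets the JsonWebToken component to DEBUG and scans log lines for JWT-shaped values, reporting them redacted. The `category.<Component>=<LEVEL>` config syntax, the sample config and the log lines are assumptions constructed for illustration.

```python
import base64, json, re

# JWT compact form: three base64url segments; a JSON header always encodes to "eyJ..."
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
# Assumed logging-config syntax: category.<Component>=<LEVEL>
DEBUG_RE = re.compile(r"^\s*category\.JsonWebToken\s*=\s*DEBUG\b", re.I | re.M)

def _seg(obj):
    """Encode a dict as one unpadded base64url JWT segment (used for sample data)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _b64url_json(segment):
    """Decode one base64url segment to a dict, or return None if it is not JSON."""
    try:
        padded = segment + "=" * (-len(segment) % 4)
        obj = json.loads(base64.urlsafe_b64decode(padded))
        return obj if isinstance(obj, dict) else None
    except ValueError:  # covers bad padding, bad UTF-8 and bad JSON
        return None

def jwt_debug_enabled(cfg_text):
    """True if the logging config sets the JsonWebToken category to DEBUG."""
    return bool(DEBUG_RE.search(cfg_text))

def find_tokens(log_lines):
    """Return (line_number, redacted_token) for each JWT-shaped value whose
    first segment decodes to a JSON header containing "alg"."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in JWT_RE.finditer(line):
            header = _b64url_json(m.group(0).split(".")[0])
            if header and "alg" in header:
                # Keep only a header prefix so the report does not re-leak the token
                hits.append((n, m.group(0)[:12] + "...[redacted]"))
    return hits

# Constructed sample data (not real Splunk output or a real token)
SAMPLE_TOKEN = ".".join([_seg({"alg": "HS256", "typ": "JWT"}),
                         _seg({"sub": "constructed-user"}), "c2lnbmF0dXJl"])
SAMPLE_CFG = "[splunkd]\ncategory.JsonWebToken=DEBUG\n"
SAMPLE_LOG = [
    "10:00:01 INFO  JsonWebToken - validation ok",
    "10:00:02 DEBUG JsonWebToken - validating token=" + SAMPLE_TOKEN,
    "10:00:03 DEBUG Other - id=eyJub3Qtand0.abc.def",  # JWT-shaped, but header is not JSON
]

if __name__ == "__main__":
    print("JsonWebToken at DEBUG:", jwt_debug_enabled(SAMPLE_CFG))
    print("Token hits:", find_tokens(SAMPLE_LOG))
```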

Patches, mitigations and workarounds are available for each of these vulnerabilities. 

Splunk has also patched several vulnerabilities introduced in Splunk Enterprise and Splunk Universal Forwarder by the use of third-party packages such as Curl, OpenSSL, Go, PyWin32, Apache Hive and FasterXML’s Jackson. 

The issues affecting Universal Forwarder have a ‘low’ or ‘informational’ severity rating, but the Enterprise issues include high- and medium-severity flaws. 

Splunk was recently acquired by Cisco for $28 billion. The networking giant plans on leveraging Splunk’s AI, security and observability technology to boost its capabilities. 

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.