Splunk: CVE-2024-29945: Splunk Authentication Token Exposure in Debug Log in Splunk Enterprise

In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the software potentially exposes authentication tokens during the token validation process. This exposure could happen when either Splunk Enterprise runs in debug mode or theJsonWebTokencomponent has been configured to log its activity at the DEBUG logging level. Normally, Splunk Enterprise runs with debug mode and token authentication turned off, as well as theJsonWebTokenprocess configured at the INFO logging level.The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. SeeDefine roles on the Splunk platform with capabilitiesin the Splunk documentation for more information.