vulnerability
Splunk: CVE-2024-45738: Sensitive information disclosure in REST_Calls logging channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Oct 14, 2024 | Apr 7, 2025 | Oct 31, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Oct 14, 2024
Added
Apr 7, 2025
Modified
Oct 31, 2025
Description
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive parameters in HTTP GET requests such as plaintext credentials to the_internalindex. This exposure could happen if you configure the Splunk EnterpriseREST_Callslog channel at the DEBUG logging level.The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. SeeDefine roles on the Splunk platform with capabilitiesin the Splunk documentation for more information.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.