vulnerability
Splunk: CVE-2024-45738: Sensitive information disclosure in REST_Calls logging channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Oct 14, 2024 | Apr 7, 2025 | Mar 25, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Oct 14, 2024
Added
Apr 7, 2025
Modified
Mar 25, 2026
Description
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive parameters in HTTP GET requests such as plaintext credentials to the_internalindex. This exposure could happen if you configure the Splunk EnterpriseREST_Callslog channel at the DEBUG logging level.The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. SeeDefine roles on the Splunk platform with capabilitiesin the Splunk documentation for more information.
Solution
splunk-upgrade-latest
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.