vulnerability
Splunk: CVE-2024-45739: Sensitive information disclosure in AdminManager logging channel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Oct 14, 2024 | Apr 7, 2025 | Oct 31, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Oct 14, 2024
Added
Apr 7, 2025
Modified
Oct 31, 2025
Description
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk EnterpriseAdminManagerlog channel at the DEBUG logging level.The vulnerability would require either local access to the log files or administrative access to internal indexes, which by default only the admin role receives. Review roles and capabilities on your instance and restrict internal index access to administrator-level roles. SeeDefine roles on the Splunk platform with capabilitiesin the Splunk documentation for more information.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.