Archive
Highlighted

Splunk < 7.0.1 - Information Disclosure

Communicator

Hi Splunkers! Is there any solutions for this right now?

Splunk < 7.0.1 - Information Disclosure - CVE: CVE-2018-11409

link: https://nvd.nist.gov/vuln/detail/CVE-2018-11409

Thanks!

0 Karma
Highlighted

Re: Splunk < 7.0.1 - Information Disclosure

Influencer

If/when there is an official response, it will appear on: https://www.splunk.com/page/securityportal/

UPDATE official response: https://www.splunk.com/view/SP-CAAAP5E

As of Splunk 6.6 that endpoint requires authentication: http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Prot...

As far as the "license keys" that are exposed, I don't know much about this endpoint, but to my untrained eye they look like they're hashes of the license files.
(An actual license is a signed XML file, for example see this expired license used as part of tests for the Java SDK: https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.licen... )

REST Endpoint Description: http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo