Hi all,
A security scan on our Splunk server has thrown up CVE-2018-11409. I've verified that we are affected - I can access info on /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json without being logged in.
https://www.splunk.com/en_us/product-security/announcements-archive/SP-CAAAP5E.html claims this was fixed for unauthenticated users in Splunk 6.6.0+, but we're running Splunk 8.1.3 (that version info is even printed in /en-US/splunkd/__raw/services/server/info/server-info?output_mode=json !).
Any idea why we could still be affected on Splunk 8.1.3?
Thanks
I solved it by editing etc/system/local/restmap.conf.
Defect SPL-128340 with the description "Change server/info protection to true by default" is solved,
Tested on V8.2.2
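To confirm the exposure before the restmap.conf change and its absence afterwards, the check below requests the path from the question without credentials and classifies the response. It is an added example, not code from either poster or from Splunk; the `entry`/`content` JSON layout and the sample response are assumptions constructed for illustration.

```python
import json
import sys
import urllib.error
import urllib.request

# Path quoted in the question above.
PATH = "/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json"

# Constructed sample of an unauthenticated response (layout is an assumption).
SAMPLE = '{"entry": [{"name": "server-info", "content": {"version": "8.1.3"}}]}'

def assess(status, body):
    """Classify an unauthenticated response as (verdict, disclosed_content)."""
    if status in (401, 403):
        return "protected", {}          # server demanded authentication
    if status != 200:
        return "inconclusive", {}
    try:
        doc = json.loads(body)
    except ValueError:
        return "inconclusive", {}       # e.g. an HTML login page, not JSON
    entries = doc.get("entry", []) if isinstance(doc, dict) else []
    for entry in entries:
        content = entry.get("content") if isinstance(entry, dict) else None
        if isinstance(content, dict) and content:
            return "exposed", content   # server info returned without login
    return "inconclusive", {}

def probe(base_url):
    """Send one request with no credentials or cookies to your own server."""
    req = urllib.request.Request(base_url.rstrip("/") + PATH)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return assess(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return assess(err.code, "")

if __name__ == "__main__":
    # Usage: python check_server_info.py https://splunk.example.internal:8000
    verdict, content = probe(sys.argv[1])
    print(verdict, sorted(content))
    sys.exit(1 if verdict == "exposed" else 0)
```

The non-zero exit status on `exposed` lets the check run as a scheduled job or post-upgrade test, so a configuration regression is caught without waiting for the next scan.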