Re: Splunk < 7.0.1 - Information Disclosure - Splunk Community

Splunk Enterprise

Hi Splunkers! Is there any solutions for this right now?

Splunk < 7.0.1 - Information Disclosure - CVE: CVE-2018-11409

link: https://nvd.nist.gov/vuln/detail/CVE-2018-11409

Thanks!

If/when there is an official response, it will appear on: https://www.splunk.com/page/securityportal/

UPDATE official response: https://www.splunk.com/view/SP-CAAAP5E

As of Splunk 6.6 that endpoint requires authentication: http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Prot...

As far as the "license keys" that are exposed, I don't know much about this endpoint, but to my untrained eye they look like they're hashes of the license files.
(An actual license is a signed XML file, for example see this expired license used as part of tests for the Java SDK: https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.licen... )

REST Endpoint Description: http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo

Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...