Splunk Enterprise

Splunk < 7.0.1 - Information Disclosure


Hi Splunkers! Is there any solutions for this right now?

Splunk < 7.0.1 - Information Disclosure - CVE: CVE-2018-11409

link: https://nvd.nist.gov/vuln/detail/CVE-2018-11409


0 Karma


If/when there is an official response, it will appear on: https://www.splunk.com/page/securityportal/

UPDATE official response: https://www.splunk.com/view/SP-CAAAP5E

As of Splunk 6.6 that endpoint requires authentication: http://docs.splunk.com/Documentation/Splunk/6.6.0/Installation/Aboutupgradingto6.6READTHISFIRST#Prot...

As far as the "license keys" that are exposed, I don't know much about this endpoint, but to my untrained eye they look like they're hashes of the license files.
(An actual license is a signed XML file, for example see this expired license used as part of tests for the Java SDK: https://github.com/splunk/splunk-sdk-java/blob/master/tests/com/splunk/splunk_at_least_cupcake.licen... )

REST Endpoint Description: http://docs.splunk.com/Documentation/Splunk/7.1.1/RESTREF/RESTintrospect#server.2Finfo

Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...