CVE-2024-23677: Log File Information Exposure in Cloud

Severity: 5.3 MEDIUM (NVD), 4.3 (CNA)
EPSS: 0.2% (top 54.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 22

Description

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5 | splunk/splunk_enterprise | 9.0 | 9.0.8
NVD | splunk/cloud | < 9.0.2208
NVD | splunk/splunk | 9.0.0 | 9.0.8
CVEListV5 | splunk/splunk_cloud | - | 9.0.2208

Vulnerability Details (2)

GHSA | GHSA-c6qc-pm8w-2wmg: In Splunk Enterprise versions below 9 | 2024-01-22
CVEList | Server Response Disclosure in RapidDiag Salesforce.com Log File | 2024-01-22
CVE-2024-23677 — Log File Information Exposure | cvebase