CVE-2024-23677

Summary

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.0 < 9.0.8affected
SplunkSplunk Cloud- < 9.0.2208affected

Weaknesses

  • CWE-532: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References