admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-457xx/CVE-2024-45739.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

131 lines
4.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-45739",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-10-14T17:15:12.860",
"lastModified": "2024-10-17T13:16:36.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise anteriores a 9.3.1, 9.2.3 y 9.1.6, el software puede exponer las contrase\u00f1as de texto plano de los usuarios de Splunk con autenticaci\u00f3n nativa local. Esta exposici\u00f3n podr\u00eda ocurrir cuando configura el canal de registro de Splunk Enterprise AdminManager en el nivel de registro DEBUG."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.6",
"matchCriteriaId": "FB935ACC-3899-47DE-B4C0-CB94CAC79AC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.2.3",
"matchCriteriaId": "14D07F5E-504B-447B-988B-BF6ADA59F8D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:9.3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "ABC6D150-A6A1-4319-9084-B9C683D11200"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-1009",
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://research.splunk.com/application/93dc7182-c5da-4085-82ec-401abf33d623/",
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink