Splunk Sensitive Information Disclosure

Published on
10 Jan 2022
Vulnerability

Description

Appending __raw/services/server/info/server-info?output mode=json to a query in Splunk 7.0.1 facilitates information leakage, as demonstrated by uncovering a licencing key.

Recommendations

  • Update SPLUNK to the latest version
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days