Splunk response to CVE-2018-11409: Information Disclosure
Splunk has completed a review of CVE-2018-11409: Information Disclosure. Splunk Enterprise versions before 6.6.0 expose partial information about the host operating system, hardware and Splunk license over an unauthenticated REST endpoint. Splunk Enterprise 6.6.0 and later expose partial information about the host operating system, hardware and Splunk license to authenticated users only. The function that returns that information is also necessary for the proper operation of Splunk clustering and instrumentation. Based on the nature of information disclosed, the issue in this advisory is currently believed to be low severity for all affected versions of Splunk Enterprise.
At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there is no CVE Identifier listed with a vulnerability, it will be added once it is assigned by a CVE Numbering Authority. To standardize the calculation of severity scores for each vulnerability, when appropriate, Splunk uses Common Vulnerability Scoring System version 2.
Affected Products and Components
- Splunk Enterprise
  - Affected versions: All versions of Splunk Enterprise 6.2.x, 6.3.x, 6.4.x, and 6.5.x.
  - Affected components: Search heads, heavy forwarders, universal forwarders, indexers, KV Store, and apps leveraging Splunk OpenSSL.