Summary
Splunk released security updates to address more than 30 vulnerabilities affecting Splunk Enterprise and Splunk Cloud Platform. The flaws could allow attackers to access stored credentials and indexed data, disclose credential hashes, or write files outside the intended application directory.
Take Action:
If you run Splunk Enterprise, upgrade now to version 10.4.1, 10.2.5, 10.0.8, 9.4.13, or 9.3.14 (Splunk Cloud is being patched by Splunk automatically). The worst flaw lets attackers steal your stored credentials and indexed data. If you can't upgrade right away, turn off Splunk Web where it's not needed, and after upgrading set mask_encr_password = true in limits.conf and restart to stop credential hashes from leaking.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)