CVE-2024-23677: 
Splunk Enterprise vulnerability analysis and mitigation

In Splunk Enterprise versions below 9.0.8, a vulnerability was identified where the Splunk RapidDiag utility discloses server responses from external applications in a log file. This vulnerability, tracked as CVE-2024-23677, was published on January 22, 2024, and affects Splunk Enterprise versions 9.0.0 to 9.0.7, as well as Splunk Cloud versions below 9.0.2208 (Splunk Advisory).

The vulnerability has been assigned a CVSSv3.1 base score of 4.3 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is classified under CWE-532 and is tracked internally by Splunk as SPL-225757. The vulnerability specifically involves the RapidDiag utility's logging functionality, where server responses to external application upload requests are inappropriately stored in log files (Splunk Advisory).

The primary impact of this vulnerability is the potential exposure of sensitive information. The log files generated by the RapidDiag utility might contain sensitive data from server responses, which could be accessed by unauthorized users (Splunk Advisory).

Splunk has released version 9.0.8 of Splunk Enterprise to address this vulnerability. Users are advised to upgrade to this version or higher. For Splunk Cloud Platform instances, Splunk is actively monitoring and patching affected systems. No alternative mitigations or workarounds have been provided (Splunk Advisory).