CVE-2026-20164

{"id": "CVE-2026-20164", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-11T17:16:56.783", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2026-0303", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could access the `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords` REST API endpoint, which exposes the hashed or plaintext password values that are stored in the passwords.conf configuration file due to improper access control. This vulnerability could allow for the unauthorized disclosure of sensitive credentials."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a la 10.2.0, 10.0.3, 9.4.9 y 9.3.10, y en las versiones de Splunk Cloud Platform anteriores a la 10.2.2510.5, 10.1.2507.16, 10.0.2503.11 y 9.3.2411.123, un usuario con privilegios bajos que no posee los roles de Splunk 'admin' o 'power' podr\u00eda acceder al endpoint de la API REST `/splunkd/__raw/servicesNS/-/-/configs/conf-passwords`, que expone los valores de contrase\u00f1a con hash o en texto plano que se almacenan en el archivo de configuraci\u00f3n passwords.conf debido a un control de acceso inadecuado. Esta vulnerabilidad podr\u00eda permitir la divulgaci\u00f3n no autorizada de credenciales sensibles."}], "lastModified": "2026-03-24T17:13:12.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "BFBDF80A-51CC-470E-977C-96ABBF89162D", "versionEndExcluding": "9.3.10", "versionStartIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAC2D08-9ED6-4E58-A999-0EE2025C69FC", "versionEndExcluding": "9.4.9", "versionStartIncluding": "9.4.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "CB313879-7BD8-411A-B503-01689F0B326E", "versionEndExcluding": "10.0.3", "versionStartIncluding": "10.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF43951-3CF1-4FC8-AAAF-498949E87019", "versionEndExcluding": "9.3.2411.123", "versionStartIncluding": "9.3.2411"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7A6863D-1330-4F11-B001-E577AFA9F0AE", "versionEndExcluding": "10.0.2503.11", "versionStartIncluding": "10.0.2503"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E11C59-CC22-48AA-A969-717D4D527019", "versionEndExcluding": "10.1.2507.16", "versionStartIncluding": "10.1.2507"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6609708F-A13F-4E4E-9883-C11659BD6C3C", "versionEndExcluding": "10.2.2510.5", "versionStartIncluding": "10.2.2510"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}