Splunk Enterprise versions 6.4.x before 6.4.4, 6.3.x before 6.3.8, 6.2.x before 6.2.12, 6.1.x before 6.1.12, 6.0.x before 6.0.13, and 5.0.x before 5.0.17 are affected by an HTTP request injection vulnerability that permits leakage of authentication tokens. The authorization tokens permit an attacker to use the Splunk REST API with the same rights as the user.