Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://advisory.splunk.com/advisories/SVD-2026-0704 |
|
Wed, 15 Jul 2026 22:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Splunk
Splunk splunk Cloud Platform Splunk splunk Enterprise |
|
| Vendors & Products |
Splunk
Splunk splunk Cloud Platform Splunk splunk Enterprise |
Wed, 15 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.6, 10.3.2512.15, 10.2.2510.18, and 10.1.2507.24, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could view stored credential hashes when they access the `/servicesNS/-/-/storage/passwords` REST endpoint through the `|rest` Search Processing Language (SPL) command.<br><br>The exposure happens because the `|rest` SPL command returns the `encr_password` field in the results of the `/servicesNS/-/-/storage/passwords` REST endpoint. | |
| Title | Sensitive Information Disclosure through the storage/passwords REST Endpoint in Splunk Enterprise | |
| Weaknesses | CWE-200 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2026-07-16T03:55:51.583Z
Reserved: 2025-10-08T11:59:15.407Z
Link: CVE-2026-20298
Updated: 2026-07-15T17:52:10.359Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T22:15:15Z