Splunk's recent 9.8-rated critical vulnerability added to CISA's KEV; patching must be completed by June 21
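On the same day, Splunk also updated its security advisory for CVE-2026-20253, stating that Splunk's Product Security Incident Response Team (PSIRT) had observed a small amount of activity exploiting this vulnerability and strongly recommending that users update to a version in which it is fixed. CVE-2026-20253 mainly affects Splunk Enterprise 10.0 and 10.2, so users can upgrade to 10.2.4, 10.2.7, or to version 10.4, which is not affected by this vulnerability.
If upgrading to one of these versions is not possible in the short term, Splunk recommends disabling the PostgreSQL sidecar system service: in the configuration file $SPLUNK_HOME/etc/system/local/server.conf, add the setting "disabled = true" to the PostgreSQL stanza. The change takes effect after Splunk Enterprise is restarted.
The company also notes that this setting does not affect core search, indexing, and dashboard functionality, but the method is not suitable if the Splunk instance needs the Edge Processor, OpAmp, or SPL2 data pipeline features.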
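A triage check for the upgrade-or-disable guidance above, as an added example that is not Splunk's or the article's own code: it classifies an instance from its version string and the text of its local server.conf. The function names, the sample configuration, and the stanza header (a placeholder, since the article does not give the exact header) are assumptions, as is the rule that only "true" or "1" counts as disabled.

```python
import re

# Fixed releases per affected release line, taken from the advisory text.
FIXED = {(10, 0): (10, 0, 7), (10, 2): (10, 2, 4)}

def is_affected(version: str) -> bool:
    """True if version is on an affected line and below its fixed release."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))
    fixed = FIXED.get(parts[:2])
    return fixed is not None and parts < fixed

def stanza_settings(conf_text: str, stanza: str) -> dict:
    """Collect key/value pairs of one stanza from .conf text (last value wins)."""
    settings, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never set a value
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1)
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def triage(version: str, conf_text: str, stanza: str) -> str:
    """Return 'not-affected', 'mitigated-upgrade-pending' or 'exposed'."""
    if not is_affected(version):
        return "not-affected"
    value = stanza_settings(conf_text, stanza).get("disabled", "").lower()
    # Assumption: only "true"/"1" count as disabled; anything else is exposed.
    return "mitigated-upgrade-pending" if value in ("true", "1") else "exposed"

# Constructed sample; the stanza header is a placeholder, not Splunk's real name.
STANZA = "postgresql_stanza_placeholder"
SAMPLE_CONF = """
[general]
serverName = idx01
[postgresql_stanza_placeholder]
disabled = true
"""

if __name__ == "__main__":
    for v in ("10.0.6", "10.2.3", "10.2.4", "9.4.2"):
        print(v, triage(v, SAMPLE_CONF, STANZA))
```

The check reads only the one file the article names, so it does not account for settings layered in from other configuration directories. An instance reported as mitigated still needs the upgrade.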
Unauthenticated Arbitrary File Creation and Truncation in a PostgreSQL Sidecar Service Endpoint in Splunk Enterprise
In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. See [Secure Splunk Enterprise](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/10.2/introduction-to-securing-the-splunk-platform/how-to-secure-and-harden-your-splunk-platform-instance) and [Sidecar Configuration Settings](https://help.splunk.com/en/splunk-enterprise/administer/admin-manual/10.2/splunk-sidecars/sidecar-configuration-settings) in the Splunk documentation for more information. In June 2026, the Splunk Product Security Incident Response Team (PSIRT) became aware of limited exploitation of this vulnerability. Splunk strongly recommends that customers upgrade to a fixed s
advisory.splunk.com