Primary

Context

Splunk Add-On for Palo Alto Networks Sensitive Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Splunk Add-on for Palo Alto Networks versions prior to 2.0.2, where client secrets are exposed in plain text in the _internal index. This occurs during the addition of new 'Data Security Accounts'. Exploitation of this vulnerability requires either local access to the log files or administrative access to internal indexes, which is typically granted only to users with the admin role.

Impact

The vulnerability allows for the unauthorized disclosure of client secrets, which could be misused if exposed.

Remediation

Users should upgrade the Splunk Add-On for Palo Alto Networks to version 2.0.2, 3.0.0, or higher. After upgrading, it is recommended to check the _internal index for any exposed credentials and generate new client_id and client_secret as needed, revoking any that were exposed.

Added: Nov 26, 2025, 6:23 PM

Updated: Nov 26, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Splunk Add-On for Palo Alto Networks Sensitive Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating