Prior to even logging into a Splunk Cloud instance, at the very bottom of the page, the version (down to the build) is presented. This seems like information that should only be provided once authentication has taken place. Armed with this info, someone targeting a Splunk Cloud instance could potentially exploit documented vulnerabilities.
Splunk should consider removing this from a pre-authenticated screen, especially in Splunk Cloud.
This is fixed since splunk 6.5
Wait for the planned upgrade to get the version hidden.
This is fixed since splunk 6.5
Wait for the planned upgrade to get the version hidden.