Splunk Enterprise contains a critical vulnerability in its deployment module. A compromised Universal Forwarded endpoint can be used to deploy to all other Universal Forwarded endpoints belonging to the deployment server.
You can read more and find the audit in the
Splunk vulnerability blog post.
