Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
References
Link | Resource |
---|---|
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands | Mitigation Vendor Advisory |
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates | Release Notes Vendor Advisory |
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/ | Mitigation Vendor Advisory |
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/ | Mitigation Vendor Advisory |
https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/ | Mitigation Vendor Advisory |
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jun 2022, 01:22
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk
Splunk splunk Cloud Platform Splunk splunk |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 8.1 |
References | (CONFIRM) https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands - Mitigation, Vendor Advisory | |
References | (CONFIRM) https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates - Release Notes, Vendor Advisory | |
References | (CONFIRM) https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/ - Mitigation, Vendor Advisory | |
References | (CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html - Vendor Advisory | |
References | (CONFIRM) https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/ - Mitigation, Vendor Advisory | |
References | (CONFIRM) https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/ - Mitigation, Vendor Advisory | |
CWE | CWE-77 | |
CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* |
15 Jun 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-15 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-32154
Mitre link : CVE-2022-32154
CVE.ORG link : CVE-2022-32154
JSON object : View
Products Affected
splunk
- splunk_cloud_platform
- splunk