In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
References
Link | Resource |
---|---|
https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 | Vendor Advisory |
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Jul 2023, 19:20
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
18 Aug 2022, 19:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk
Splunk splunk Cloud Platform Splunk splunk |
|
CWE | CWE-668 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
CPE | cpe:2.3:a:splunk:splunk:9.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 - Vendor Advisory | |
References | (CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html - Mitigation, Vendor Advisory |
16 Aug 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-16 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-37438
Mitre link : CVE-2022-37438
CVE.ORG link : CVE-2022-37438
JSON object : View
Products Affected
splunk
- splunk_cloud_platform
- splunk
CWE