Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-418
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Splunk Enterprise. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.1.x antérieures à 8.1.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.7",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42743"
},
{
"name": "CVE-2021-31559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31559"
},
{
"name": "CVE-2022-27183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27183"
},
{
"name": "CVE-2021-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33845"
},
{
"name": "CVE-2021-26253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26253"
},
{
"name": "CVE-2022-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26889"
},
{
"name": "CVE-2022-26070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26070"
}
],
"initial_release_date": "2022-05-05T00:00:00",
"last_revision_date": "2022-05-05T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk Enterprise.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk Enterprise",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0507 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0503 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0506 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0504 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0502 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0501 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0505 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
}
]
}
CVE-2021-26253 (GCVE-0-2021-26253)
Vulnerability from cvelistv5
Published
2022-05-06 16:34
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sanket Bhimani"
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in Splunk Enterprise\u0027s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:34:33",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
],
"source": {
"advisory": "SVD-2022-0504",
"discovery": "EXTERNAL"
},
"title": "Bypass of Splunk Enterprise\u0027s implementation of DUO MFA",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-26253",
"STATE": "PUBLIC",
"TITLE": "Bypass of Splunk Enterprise\u0027s implementation of DUO MFA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.6"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sanket Bhimani"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in Splunk Enterprise\u0027s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
]
},
"source": {
"advisory": "SVD-2022-0504",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-26253",
"datePublished": "2022-05-06T16:34:33",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31559 (GCVE-0-2021-31559)
Vulnerability from cvelistv5
Published
2022-05-06 16:35
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.2 version(s) before 8.2.1 Version: Version(s) before 8.1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.2 version(s) before 8.2.1"
},
{
"status": "affected",
"version": "Version(s) before 8.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:35:19",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
],
"source": {
"advisory": "SVD-2022-0503",
"discovery": "EXTERNAL"
},
"title": "S2S TcpToken authentication bypass",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-31559",
"STATE": "PUBLIC",
"TITLE": "S2S TcpToken authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.2 version(s) before 8.2.1"
},
{
"version_value": "Version(s) before 8.1.5"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
]
},
"source": {
"advisory": "SVD-2022-0503",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-31559",
"datePublished": "2022-05-06T16:35:19",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26889 (GCVE-0-2022-26889)
Vulnerability from cvelistv5
Published
2022-05-06 16:37
Modified
2024-08-03 05:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jason Tsang Mui Chung"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T19:09:32",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
],
"source": {
"advisory": "SVD-2022-0506",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in search parameter results in external content injection",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-26889",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in search parameter results in external content injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.2"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jason Tsang Mui Chung"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"name": "https://research.splunk.com/application/path_traversal_spl_injection/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
]
},
"source": {
"advisory": "SVD-2022-0506",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-26889",
"datePublished": "2022-05-06T16:37:56",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:18:38.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27183 (GCVE-0-2022-27183)
Vulnerability from cvelistv5
Published
2022-05-06 16:38
Modified
2024-08-03 05:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:38:41",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
],
"source": {
"advisory": "SVD-2022-0505",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS in a query parameter of the Monitoring Console",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-27183",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in a query parameter of the Monitoring Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.4"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"name": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
]
},
"source": {
"advisory": "SVD-2022-0505",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-27183",
"datePublished": "2022-05-06T16:38:41",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:31.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33845 (GCVE-0-2021-33845)
Vulnerability from cvelistv5
Published
2022-05-06 16:35
Modified
2024-08-04 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:51.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kyle Bambrick"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:35:58",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
},
"title": "Username enumeration through lockout message in REST API",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-33845",
"STATE": "PUBLIC",
"TITLE": "Username enumeration through lockout message in REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.7"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kyle Bambrick"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"name": "https://research.splunk.com/application/splunk_user_enumeration_attempt/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
]
},
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-33845",
"datePublished": "2022-05-06T16:35:58",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T00:05:51.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42743 (GCVE-0-2021-42743)
Vulnerability from cvelistv5
Published
2022-05-06 16:36
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: 8.1 version(s) before 8.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.1 version(s) before 8.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:36:35",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
],
"source": {
"advisory": "SVD-2022-0501",
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via a default path in Splunk Enterprise Windows",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-42743",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via a default path in Splunk Enterprise Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.1 version(s) before 8.1.1"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
]
},
"source": {
"advisory": "SVD-2022-0501",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-42743",
"datePublished": "2022-05-06T16:36:35",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26070 (GCVE-0-2022-26070)
Vulnerability from cvelistv5
Published
2022-05-06 16:37
Modified
2024-08-03 04:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dipak Prajapati (Lethal)"
}
],
"descriptions": [
{
"lang": "en",
"value": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:37:16",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
],
"source": {
"advisory": "SVD-2022-0507",
"discovery": "EXTERNAL"
},
"title": "Error message discloses internal path",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-26070",
"STATE": "PUBLIC",
"TITLE": "Error message discloses internal path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.0"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dipak Prajapati (Lethal)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
]
},
"source": {
"advisory": "SVD-2022-0507",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-26070",
"datePublished": "2022-05-06T16:37:16",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…