cve-2022-26889
Vulnerability from cvelistv5
Published
2022-05-06 16:37
Modified
2024-08-03 05:18
Severity ?
EPSS score ?
Summary
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Version: Version(s) before 8.1.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:18:38.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://research.splunk.com/application/path_traversal_spl_injection/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Splunk Enterprise", vendor: "Splunk", versions: [ { status: "affected", version: "Version(s) before 8.1.2", }, ], }, ], credits: [ { lang: "en", value: "Jason Tsang Mui Chung", }, ], descriptions: [ { lang: "en", value: "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-31T19:09:32", orgId: "42b59230-ec95-491e-8425-5a5befa1a469", shortName: "Splunk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html", }, { tags: [ "x_refsource_MISC", ], url: "https://research.splunk.com/application/path_traversal_spl_injection/", }, ], source: { advisory: "SVD-2022-0506", discovery: "EXTERNAL", }, title: "Path Traversal in search parameter results in external content injection", x_generator: { engine: "advisoriator", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "prodsec@splunk.com", ID: "CVE-2022-26889", STATE: "PUBLIC", TITLE: "Path Traversal in search parameter results in external content injection", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Splunk Enterprise", version: { version_data: [ { version_value: "Version(s) before 8.1.2", }, ], }, }, ], }, vendor_name: "Splunk", }, ], }, }, credit: [ { lang: "eng", value: "Jason Tsang Mui Chung", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).", }, ], }, generator: { engine: "advisoriator", }, impact: { cvss: { baseScore: "8.8", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html", refsource: "MISC", url: "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html", }, { name: "https://research.splunk.com/application/path_traversal_spl_injection/", refsource: "MISC", url: "https://research.splunk.com/application/path_traversal_spl_injection/", }, ], }, source: { advisory: "SVD-2022-0506", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "42b59230-ec95-491e-8425-5a5befa1a469", assignerShortName: "Splunk", cveId: "CVE-2022-26889", datePublished: "2022-05-06T16:37:56", dateReserved: "2022-03-21T00:00:00", dateUpdated: "2024-08-03T05:18:38.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2022-26889\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-05-06T17:15:08.890\",\"lastModified\":\"2024-11-21T06:54:44.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise anteriores a la 8.1.2, la ruta uri para cargar un recurso relativo dentro de una página web es vulnerable al path traversal. Permite a un atacante inyectar potencialmente contenido arbitrario en la página web (por ejemplo, inyección de HTML, XSS) o eludir las salvaguardias de SPL para los comandos de riesgo. El ataque está basado en el navegador. Un atacante no puede explotar el ataque a voluntad y requiere que el atacante inicie una solicitud dentro del navegador de la víctima (por ejemplo, phishing)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.2\",\"matchCriteriaId\":\"0954AFE3-D780-4E8F-9EDA-AB65E95DDDE6\"}]}]}],\"references\":[{\"url\":\"https://research.splunk.com/application/path_traversal_spl_injection/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/path_traversal_spl_injection/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.