cvelistv5 - CVE-2022-32154

CVE-2022-32154 (GCVE-0-2022-32154)

Vulnerability from cvelistv5 – Published: 2022-06-15 16:48 – Updated: 2024-09-16 20:11

Summary

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-20 - Improper Input Validation

Assigner

Splunk

References

URL

Tags

	https://docs.splunk.com/Documentation/Splunk/9.0.…	x_refsource_CONFIRM
	https://www.splunk.com/en_us/product-security/ann…	x_refsource_CONFIRM
	https://docs.splunk.com/Documentation/Splunk/9.0.…	x_refsource_CONFIRM
	https://research.splunk.com/application/splunk_co…	x_refsource_CONFIRM
	https://research.splunk.com/application/splunk_co…	x_refsource_CONFIRM
	https://research.splunk.com/application/splunk_co…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Splunk, Inc

Splunk Enterprise

Affected: 9.0 , < 9.0 (custom)

Splunk, Inc

Splunk Cloud Platform

Affected: 8.2 , < 8.2.2106 (custom)

Credits

Chris Green at Splunk Danylo Dmytriiev (DDV_UA) Anton (therceman)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:32:55.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk, Inc",
          "versions": [
            {
              "lessThan": "9.0",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk, Inc",
          "versions": [
            {
              "lessThan": "8.2.2106",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Chris Green at Splunk"
        },
        {
          "lang": "en",
          "value": "Danylo Dmytriiev (DDV_UA)"
        },
        {
          "lang": "en",
          "value": "Anton (therceman)"
        }
      ],
      "datePublic": "2022-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T16:48:46",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
        }
      ],
      "source": {
        "advisory": "SVD-2022-0604",
        "discovery": "INTERNAL"
      },
      "title": "Risky commands warnings in Splunk Enterprise Dashboards",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
          "ID": "CVE-2022-32154",
          "STATE": "PUBLIC",
          "TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.0",
                            "version_value": "9.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Splunk Cloud Platform",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.2",
                            "version_value": "8.2.2106"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk, Inc"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Chris Green at Splunk"
          },
          {
            "lang": "eng",
            "value": "Danylo Dmytriiev (DDV_UA)"
          },
          {
            "lang": "eng",
            "value": "Anton (therceman)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
              "refsource": "CONFIRM",
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
            },
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
              "refsource": "CONFIRM",
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
              "refsource": "CONFIRM",
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
              "refsource": "CONFIRM",
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
              "refsource": "CONFIRM",
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
            }
          ]
        },
        "source": {
          "advisory": "SVD-2022-0604",
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-32154",
    "datePublished": "2022-06-15T16:48:46.918488Z",
    "dateReserved": "2022-05-31T00:00:00",
    "dateUpdated": "2024-09-16T20:11:36.885Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionEndExcluding\": \"9.0\", \"matchCriteriaId\": \"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.2.2106\", \"matchCriteriaId\": \"87852670-65F6-4EE8-ABD5-BC25137868DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.\"}, {\"lang\": \"es\", \"value\": \"Los cuadros de mando en Splunk Enterprise versiones anteriores a 9.0, podr\\u00edan permitir a un atacante inyectar comandos de b\\u00fasqueda arriesgados en un token de formulario cuando el token es usado en una consulta en una petici\\u00f3n de origen cruzado. El resultado es una omisi\\u00f3n de las salvaguardas de SPL para los comandos de riesgo. V\\u00e9ase Las nuevas capacidades pueden limitar el acceso a algunos comandos personalizados y potencialmente arriesgados (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) para m\\u00e1s informaci\\u00f3n. Tenga en cuenta que el ataque est\\u00e1 basado en el navegador y un atacante no puede explotarlo a voluntad\"}]",
      "id": "CVE-2022-32154",
      "lastModified": "2024-11-21T07:05:51.100",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-06-15T17:15:09.017",
      "references": "[{\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-32154\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-06-15T17:15:09.017\",\"lastModified\":\"2024-11-21T07:05:51.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.\"},{\"lang\":\"es\",\"value\":\"Los cuadros de mando en Splunk Enterprise versiones anteriores a 9.0, podr\u00edan permitir a un atacante inyectar comandos de b\u00fasqueda arriesgados en un token de formulario cuando el token es usado en una consulta en una petici\u00f3n de origen cruzado. El resultado es una omisi\u00f3n de las salvaguardas de SPL para los comandos de riesgo. V\u00e9ase Las nuevas capacidades pueden limitar el acceso a algunos comandos personalizados y potencialmente arriesgados (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) para m\u00e1s informaci\u00f3n. Tenga en cuenta que el ataque est\u00e1 basado en el navegador y un atacante no puede explotarlo a voluntad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"9.0\",\"matchCriteriaId\":\"A6CE3B90-F8EF-4DC2-80FF-2B791F152037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.2.2106\",\"matchCriteriaId\":\"87852670-65F6-4EE8-ABD5-BC25137868DD\"}]}]}],\"references\":[{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions antérieures à 9.0
Splunk	Splunk Enterprise	Splunk Enterprise versions antérieures à 9.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions antérieures à 8.2.2203

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0604 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0603 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0605 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0601 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0602 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0607 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0608 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0606 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Universal Forwarder versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions ant\u00e9rieures \u00e0 8.2.2203",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32152"
    },
    {
      "name": "CVE-2022-32151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32151"
    },
    {
      "name": "CVE-2022-32155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32155"
    },
    {
      "name": "CVE-2022-32156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32156"
    },
    {
      "name": "CVE-2022-32154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32154"
    },
    {
      "name": "CVE-2022-32153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32153"
    },
    {
      "name": "CVE-2022-32158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32158"
    },
    {
      "name": "CVE-2022-32157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-548",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0604 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0603 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0605 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0601 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0602 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0607 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0608 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0606 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html"
    }
  ]
}

CERTFR-2022-AVI-548

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Universal Forwarder versions antérieures à 9.0
Splunk	Splunk Enterprise	Splunk Enterprise versions antérieures à 9.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions antérieures à 8.2.2203

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0604 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0603 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0605 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0601 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0602 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0607 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0608 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0606 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Universal Forwarder versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions ant\u00e9rieures \u00e0 9.0",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions ant\u00e9rieures \u00e0 8.2.2203",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32152"
    },
    {
      "name": "CVE-2022-32151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32151"
    },
    {
      "name": "CVE-2022-32155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32155"
    },
    {
      "name": "CVE-2022-32156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32156"
    },
    {
      "name": "CVE-2022-32154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32154"
    },
    {
      "name": "CVE-2022-32153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32153"
    },
    {
      "name": "CVE-2022-32158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32158"
    },
    {
      "name": "CVE-2022-32157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32157"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-548",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSplunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0604 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0603 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0605 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0605.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0601 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0602 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0602.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0607 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0607.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0608 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0608.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0606 du 14 juin 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0606.html"
    }
  ]
}

GHSA-P25G-64WC-H88X

Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:01

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-32154"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-15T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.",
  "id": "GHSA-p25g-64wc-h88x",
  "modified": "2022-06-25T00:01:03Z",
  "published": "2022-06-16T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32154"
    },
    {
      "type": "WEB",
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
    },
    {
      "type": "WEB",
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-32154

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-32154

Aliases

CVE-2022-32154

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-32154",
    "description": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.",
    "id": "GSD-2022-32154"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32154"
      ],
      "details": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.",
      "id": "GSD-2022-32154",
      "modified": "2023-12-13T01:19:12.277507Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
        "ID": "CVE-2022-32154",
        "STATE": "PUBLIC",
        "TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "9.0",
                          "version_value": "9.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Splunk Cloud Platform",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "8.2",
                          "version_value": "8.2.2106"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk, Inc"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Chris Green at Splunk"
        },
        {
          "lang": "eng",
          "value": "Danylo Dmytriiev (DDV_UA)"
        },
        {
          "lang": "eng",
          "value": "Anton (therceman)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
            "refsource": "CONFIRM",
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
          },
          {
            "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
            "refsource": "CONFIRM",
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
          },
          {
            "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
            "refsource": "CONFIRM",
            "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
          },
          {
            "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
            "refsource": "CONFIRM",
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
          },
          {
            "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
            "refsource": "CONFIRM",
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
          },
          {
            "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
            "refsource": "CONFIRM",
            "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2022-0604",
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.2106",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "ID": "CVE-2022-32154"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
            },
            {
              "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
            },
            {
              "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
            },
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-06-24T01:22Z",
      "publishedDate": "2022-06-15T17:15Z"
    }
  }
}

FKIE_CVE-2022-32154

Vulnerability from fkie_nvd - Published: 2022-06-15 17:15 - Updated: 2024-11-21 07:05

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
prodsec@splunk.com	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands	Mitigation, Vendor Advisory
prodsec@splunk.com	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates	Release Notes, Vendor Advisory
prodsec@splunk.com	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/	Mitigation, Vendor Advisory
prodsec@splunk.com	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/	Mitigation, Vendor Advisory
prodsec@splunk.com	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/	Mitigation, Vendor Advisory
prodsec@splunk.com	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	splunk	splunk	*
	splunk	splunk_cloud_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87852670-65F6-4EE8-ABD5-BC25137868DD",
              "versionEndExcluding": "8.2.2106",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
    },
    {
      "lang": "es",
      "value": "Los cuadros de mando en Splunk Enterprise versiones anteriores a 9.0, podr\u00edan permitir a un atacante inyectar comandos de b\u00fasqueda arriesgados en un token de formulario cuando el token es usado en una consulta en una petici\u00f3n de origen cruzado. El resultado es una omisi\u00f3n de las salvaguardas de SPL para los comandos de riesgo. V\u00e9ase Las nuevas capacidades pueden limitar el acceso a algunos comandos personalizados y potencialmente arriesgados (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) para m\u00e1s informaci\u00f3n. Tenga en cuenta que el ataque est\u00e1 basado en el navegador y un atacante no puede explotarlo a voluntad"
    }
  ],
  "id": "CVE-2022-32154",
  "lastModified": "2024-11-21T07:05:51.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-15T17:15:09.017",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-32154 (GCVE-0-2022-32154)

CERTFR-2022-AVI-548

Solution

CERTFR-2022-AVI-548

Solution

GHSA-P25G-64WC-H88X

GSD-2022-32154

FKIE_CVE-2022-32154

Tags

Sightings

Nomenclature