Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-418
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Splunk Enterprise. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.2.x antérieures à 8.2.1 | ||
| Splunk | Splunk Enterprise | Splunk Enterprise versions 8.1.x antérieures à 8.1.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.1",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.7",
"product": {
"name": "Splunk Enterprise",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42743"
},
{
"name": "CVE-2021-31559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31559"
},
{
"name": "CVE-2022-27183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27183"
},
{
"name": "CVE-2021-33845",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33845"
},
{
"name": "CVE-2021-26253",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26253"
},
{
"name": "CVE-2022-26889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26889"
},
{
"name": "CVE-2022-26070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26070"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk Enterprise.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk Enterprise",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0507 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0503 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0506 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0504 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0502 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0501 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0505 du 03 mai 2022",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
}
]
}
CVE-2022-26889 (GCVE-0-2022-26889)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:37 – Updated: 2024-08-03 05:18
VLAI?
EPSS
Summary
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.2
|
Credits
Jason Tsang Mui Chung
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:38.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jason Tsang Mui Chung"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T19:09:32",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
],
"source": {
"advisory": "SVD-2022-0506",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in search parameter results in external content injection",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-26889",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in search parameter results in external content injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.2"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jason Tsang Mui Chung"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
},
{
"name": "https://research.splunk.com/application/path_traversal_spl_injection/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/path_traversal_spl_injection/"
}
]
},
"source": {
"advisory": "SVD-2022-0506",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-26889",
"datePublished": "2022-05-06T16:37:56",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:18:38.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33845 (GCVE-0-2021-33845)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:35 – Updated: 2024-08-04 00:05
VLAI?
EPSS
Summary
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.7
|
Credits
Kyle Bambrick
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:51.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kyle Bambrick"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:35:58",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
],
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
},
"title": "Username enumeration through lockout message in REST API",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-33845",
"STATE": "PUBLIC",
"TITLE": "Username enumeration through lockout message in REST API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.7"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kyle Bambrick"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
},
{
"name": "https://research.splunk.com/application/splunk_user_enumeration_attempt/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/splunk_user_enumeration_attempt/"
}
]
},
"source": {
"advisory": "SVD-2022-0502",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-33845",
"datePublished": "2022-05-06T16:35:58",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T00:05:51.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31559 (GCVE-0-2021-31559)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:35 – Updated: 2024-08-03 23:03
VLAI?
EPSS
Summary
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
8.2 version(s) before 8.2.1
Affected: Version(s) before 8.1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.2 version(s) before 8.2.1"
},
{
"status": "affected",
"version": "Version(s) before 8.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:35:19",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
],
"source": {
"advisory": "SVD-2022-0503",
"discovery": "EXTERNAL"
},
"title": "S2S TcpToken authentication bypass",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-31559",
"STATE": "PUBLIC",
"TITLE": "S2S TcpToken authentication bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.2 version(s) before 8.2.1"
},
{
"version_value": "Version(s) before 8.1.5"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
}
]
},
"source": {
"advisory": "SVD-2022-0503",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-31559",
"datePublished": "2022-05-06T16:35:19",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-03T23:03:33.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42743 (GCVE-0-2021-42743)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:36 – Updated: 2024-08-04 03:38
VLAI?
EPSS
Summary
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
8.1 version(s) before 8.1.1
|
Credits
Ilias Dimopoulos of RedyOps Research Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.1 version(s) before 8.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"descriptions": [
{
"lang": "en",
"value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:36:35",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
],
"source": {
"advisory": "SVD-2022-0501",
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation via a default path in Splunk Enterprise Windows",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-42743",
"STATE": "PUBLIC",
"TITLE": "Local privilege escalation via a default path in Splunk Enterprise Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "8.1 version(s) before 8.1.1"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ilias Dimopoulos of\u202fRedyOps Research Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
}
]
},
"source": {
"advisory": "SVD-2022-0501",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-42743",
"datePublished": "2022-05-06T16:36:35",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26070 (GCVE-0-2022-26070)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:37 – Updated: 2024-08-03 04:56
VLAI?
EPSS
Summary
When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.0
|
Credits
Dipak Prajapati (Lethal)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dipak Prajapati (Lethal)"
}
],
"descriptions": [
{
"lang": "en",
"value": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:37:16",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
],
"source": {
"advisory": "SVD-2022-0507",
"discovery": "EXTERNAL"
},
"title": "Error message discloses internal path",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-26070",
"STATE": "PUBLIC",
"TITLE": "Error message discloses internal path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.0"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dipak Prajapati (Lethal)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
}
]
},
"source": {
"advisory": "SVD-2022-0507",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-26070",
"datePublished": "2022-05-06T16:37:16",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27183 (GCVE-0-2022-27183)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:38 – Updated: 2024-08-03 05:25
VLAI?
EPSS
Summary
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
Severity ?
8.8 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.4
|
Credits
Danylo Dmytriiev (DDV_UA)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:38:41",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
],
"source": {
"advisory": "SVD-2022-0505",
"discovery": "EXTERNAL"
},
"title": "Reflected XSS in a query parameter of the Monitoring Console",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2022-27183",
"STATE": "PUBLIC",
"TITLE": "Reflected XSS in a query parameter of the Monitoring Console"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.4"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
},
{
"name": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/",
"refsource": "MISC",
"url": "https://research.splunk.com/application/splunk_xss_in_monitoring_console/"
}
]
},
"source": {
"advisory": "SVD-2022-0505",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-27183",
"datePublished": "2022-05-06T16:38:41",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:31.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26253 (GCVE-0-2021-26253)
Vulnerability from cvelistv5 – Published: 2022-05-06 16:34 – Updated: 2024-08-03 20:19
VLAI?
EPSS
Summary
A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service.
Severity ?
8.1 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Splunk | Splunk Enterprise |
Affected:
Version(s) before 8.1.6
|
Credits
Sanket Bhimani
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "Version(s) before 8.1.6"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sanket Bhimani"
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in Splunk Enterprise\u0027s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T16:34:33",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
],
"source": {
"advisory": "SVD-2022-0504",
"discovery": "EXTERNAL"
},
"title": "Bypass of Splunk Enterprise\u0027s implementation of DUO MFA",
"x_generator": {
"engine": "advisoriator"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"ID": "CVE-2021-26253",
"STATE": "PUBLIC",
"TITLE": "Bypass of Splunk Enterprise\u0027s implementation of DUO MFA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_value": "Version(s) before 8.1.6"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sanket Bhimani"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in Splunk Enterprise\u0027s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service."
}
]
},
"generator": {
"engine": "advisoriator"
},
"impact": {
"cvss": {
"baseScore": "8.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html",
"refsource": "MISC",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
}
]
},
"source": {
"advisory": "SVD-2022-0504",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2021-26253",
"datePublished": "2022-05-06T16:34:33",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…