cvelistv5 - cve-2022-26889

CVE-2022-26889 (GCVE-0-2022-26889)

Vulnerability from cvelistv5 – Published: 2022-05-06 16:37 – Updated: 2024-08-03 05:18

Summary

In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing).

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-20

Assigner

Splunk

References

URL

Tags

	https://www.splunk.com/en_us/product-security/ann…	x_refsource_MISC
	https://research.splunk.com/application/path_trav…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Splunk	Splunk Enterprise	Affected: Version(s) before 8.1.2

Credits

Jason Tsang Mui Chung

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:18:38.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "status": "affected",
              "version": "Version(s) before 8.1.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jason Tsang Mui Chung"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-31T19:09:32",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
        }
      ],
      "source": {
        "advisory": "SVD-2022-0506",
        "discovery": "EXTERNAL"
      },
      "title": "Path Traversal in search parameter results in external content injection",
      "x_generator": {
        "engine": "advisoriator"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "ID": "CVE-2022-26889",
          "STATE": "PUBLIC",
          "TITLE": "Path Traversal in search parameter results in external content injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Splunk Enterprise",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version(s) before 8.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Splunk"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Jason Tsang Mui Chung"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
            }
          ]
        },
        "generator": {
          "engine": "advisoriator"
        },
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
              "refsource": "MISC",
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
            },
            {
              "name": "https://research.splunk.com/application/path_traversal_spl_injection/",
              "refsource": "MISC",
              "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
            }
          ]
        },
        "source": {
          "advisory": "SVD-2022-0506",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2022-26889",
    "datePublished": "2022-05-06T16:37:56",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-08-03T05:18:38.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\", \"versionStartIncluding\": \"8.1.0\", \"versionEndExcluding\": \"8.1.2\", \"matchCriteriaId\": \"0954AFE3-D780-4E8F-9EDA-AB65E95DDDE6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing).\"}, {\"lang\": \"es\", \"value\": \"En las versiones de Splunk Enterprise anteriores a la 8.1.2, la ruta uri para cargar un recurso relativo dentro de una p\\u00e1gina web es vulnerable al path traversal. Permite a un atacante inyectar potencialmente contenido arbitrario en la p\\u00e1gina web (por ejemplo, inyecci\\u00f3n de HTML, XSS) o eludir las salvaguardias de SPL para los comandos de riesgo. El ataque est\\u00e1 basado en el navegador. Un atacante no puede explotar el ataque a voluntad y requiere que el atacante inicie una solicitud dentro del navegador de la v\\u00edctima (por ejemplo, phishing)\"}]",
      "id": "CVE-2022-26889",
      "lastModified": "2024-11-21T06:54:44.530",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-05-06T17:15:08.890",
      "references": "[{\"url\": \"https://research.splunk.com/application/path_traversal_spl_injection/\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\", \"source\": \"prodsec@splunk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://research.splunk.com/application/path_traversal_spl_injection/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "prodsec@splunk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"prodsec@splunk.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26889\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-05-06T17:15:08.890\",\"lastModified\":\"2024-11-21T06:54:44.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing).\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise anteriores a la 8.1.2, la ruta uri para cargar un recurso relativo dentro de una p\u00e1gina web es vulnerable al path traversal. Permite a un atacante inyectar potencialmente contenido arbitrario en la p\u00e1gina web (por ejemplo, inyecci\u00f3n de HTML, XSS) o eludir las salvaguardias de SPL para los comandos de riesgo. El ataque est\u00e1 basado en el navegador. Un atacante no puede explotar el ataque a voluntad y requiere que el atacante inicie una solicitud dentro del navegador de la v\u00edctima (por ejemplo, phishing)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.2\",\"matchCriteriaId\":\"0954AFE3-D780-4E8F-9EDA-AB65E95DDDE6\"}]}]}],\"references\":[{\"url\":\"https://research.splunk.com/application/path_traversal_spl_injection/\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://research.splunk.com/application/path_traversal_spl_injection/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-418

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Splunk Enterprise. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise versions 8.1.x antérieures à 8.1.7

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0507 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0503 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0506 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0504 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0502 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0501 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0505 du 03 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.7",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42743"
    },
    {
      "name": "CVE-2021-31559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31559"
    },
    {
      "name": "CVE-2022-27183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27183"
    },
    {
      "name": "CVE-2021-33845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33845"
    },
    {
      "name": "CVE-2021-26253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26253"
    },
    {
      "name": "CVE-2022-26889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26889"
    },
    {
      "name": "CVE-2022-26070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26070"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-418",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk Enterprise.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk Enterprise",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0507 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0503 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0506 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0504 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0502 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0501 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0505 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
    }
  ]
}

CERTFR-2022-AVI-418

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	Splunk Enterprise	Splunk Enterprise versions 8.2.x antérieures à 8.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise versions 8.1.x antérieures à 8.1.7

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk svd-2022-0507 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0503 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0506 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0504 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0502 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0501 du 03 mai 2022	None	vendor-advisory
Bulletin de sécurité Splunk svd-2022-0505 du 03 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise versions 8.2.x ant\u00e9rieures \u00e0 8.2.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 8.1.x ant\u00e9rieures \u00e0 8.1.7",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-42743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42743"
    },
    {
      "name": "CVE-2021-31559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31559"
    },
    {
      "name": "CVE-2022-27183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27183"
    },
    {
      "name": "CVE-2021-33845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33845"
    },
    {
      "name": "CVE-2021-26253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26253"
    },
    {
      "name": "CVE-2022-26889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26889"
    },
    {
      "name": "CVE-2022-26070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26070"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-418",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk Enterprise.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk Enterprise",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0507 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0507.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0503 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0503.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0506 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0504 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0504.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0502 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0502.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0501 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk svd-2022-0505 du 03 mai 2022",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0505.html"
    }
  ]
}

GHSA-79W5-M8HM-G24M

Vulnerability from github – Published: 2022-05-07 00:00 – Updated: 2022-05-18 00:00

Details

The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-26889"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-06T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.",
  "id": "GHSA-79w5-m8hm-g24m",
  "modified": "2022-05-18T00:00:35Z",
  "published": "2022-05-07T00:00:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26889"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/path_traversal_spl_injection"
    },
    {
      "type": "WEB",
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-26889

Vulnerability from fkie_nvd - Published: 2022-05-06 17:15 - Updated: 2024-11-21 06:54

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
prodsec@splunk.com	https://research.splunk.com/application/path_traversal_spl_injection/	Vendor Advisory
prodsec@splunk.com	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://research.splunk.com/application/path_traversal_spl_injection/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	splunk	splunk	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "0954AFE3-D780-4E8F-9EDA-AB65E95DDDE6",
              "versionEndExcluding": "8.1.2",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
    },
    {
      "lang": "es",
      "value": "En las versiones de Splunk Enterprise anteriores a la 8.1.2, la ruta uri para cargar un recurso relativo dentro de una p\u00e1gina web es vulnerable al path traversal. Permite a un atacante inyectar potencialmente contenido arbitrario en la p\u00e1gina web (por ejemplo, inyecci\u00f3n de HTML, XSS) o eludir las salvaguardias de SPL para los comandos de riesgo. El ataque est\u00e1 basado en el navegador. Un atacante no puede explotar el ataque a voluntad y requiere que el atacante inicie una solicitud dentro del navegador de la v\u00edctima (por ejemplo, phishing)"
    }
  ],
  "id": "CVE-2022-26889",
  "lastModified": "2024-11-21T06:54:44.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "prodsec@splunk.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-06T17:15:08.890",
  "references": [
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
    },
    {
      "source": "prodsec@splunk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
    }
  ],
  "sourceIdentifier": "prodsec@splunk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "prodsec@splunk.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-26889

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-26889

Aliases

CVE-2022-26889

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-26889",
    "description": "The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.",
    "id": "GSD-2022-26889"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-26889"
      ],
      "details": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing).",
      "id": "GSD-2022-26889",
      "modified": "2023-12-13T01:19:39.410272Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "ID": "CVE-2022-26889",
        "STATE": "PUBLIC",
        "TITLE": "Path Traversal in search parameter results in external content injection"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Version(s) before 8.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Jason Tsang Mui Chung"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
          }
        ]
      },
      "generator": {
        "engine": "advisoriator"
      },
      "impact": {
        "cvss": {
          "baseScore": "8.8",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
            "refsource": "MISC",
            "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
          },
          {
            "name": "https://research.splunk.com/application/path_traversal_spl_injection/",
            "refsource": "MISC",
            "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2022-0506",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.2",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "prodsec@splunk.com",
          "ID": "CVE-2022-26889"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim\u0027s browser (e.g., phishing)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html"
            },
            {
              "name": "https://research.splunk.com/application/path_traversal_spl_injection/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://research.splunk.com/application/path_traversal_spl_injection/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-19T15:35Z",
      "publishedDate": "2022-05-06T17:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-26889 (GCVE-0-2022-26889)

CERTFR-2022-AVI-418

Solution

CERTFR-2022-AVI-418

Solution

GHSA-79W5-M8HM-G24M

FKIE_CVE-2022-26889

GSD-2022-26889

Tags

Sightings

Nomenclature