CVE-2022-32154
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
15/06/2022
Last modified:
24/06/2022
Description
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* | 9.0 (excluding) | |
| cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* | 8.2.2106 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands
- https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates
- https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/
- https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/
- https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html