Lucene search

[email protected]NVD:CVE-2022-43566

HistoryNov 04, 2022 - 11:15 p.m.

CVE-2022-43566

2022-11-0423:15:10

CWE-20

[email protected]

web.nvd.nist.gov

splunk enterprise

spl safeguards

risky commands

phishing attack

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

JSON

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.

Affected configurations

NVD

Node

splunksplunkRange8.1.0–8.1.12enterprise

splunksplunkRange8.2.0–8.2.9enterprise

splunksplunkRange9.0.0–9.0.2enterprise

splunksplunk_cloud_platformRange<9.0.2208

References

research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/

www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

42.8%

JSON

Related for NVD:CVE-2022-43566

prion1 nessus1 cve1 cvelist1