{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk, Inc", "versions": [{"lessThan": "9.0", "status": "affected", "version": "9.0", "versionType": "custom"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk, Inc", "versions": [{"lessThan": "8.2.2106", "status": "affected", "version": "8.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Chris Green at Splunk"}, {"lang": "en", "value": "Danylo Dmytriiev (DDV_UA)"}, {"lang": "en", "value": "Anton (therceman)"}], "datePublic": "2022-06-14T00:00:00", "descriptions": [{"lang": "en", "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-15T16:48:46", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}], "source": {"advisory": "SVD-2022-0604", "discovery": "INTERNAL"}, "title": "Risky commands warnings in Splunk Enterprise Dashboards", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-06-14T11:55:00.000Z", "ID": "CVE-2022-32154", "STATE": "PUBLIC", "TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "<", "version_name": "9.0", "version_value": "9.0"}]}}, {"product_name": "Splunk Cloud Platform", "version": {"version_data": [{"version_affected": "<", "version_name": "8.2", "version_value": "8.2.2106"}]}}]}, "vendor_name": "Splunk, Inc"}]}}, "credit": [{"lang": "eng", "value": "Chris Green at Splunk"}, {"lang": "eng", "value": "Danylo Dmytriiev (DDV_UA)"}, {"lang": "eng", "value": "Anton (therceman)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"}, {"name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands", "refsource": "CONFIRM", "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"}, {"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"}, {"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"}, {"name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}]}, "source": {"advisory": "SVD-2022-0604", "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:32:55.969Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-32154", "datePublished": "2022-06-15T16:48:46.918488Z", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-09-16T20:11:36.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "A6CE3B90-F8EF-4DC2-80FF-2B791F152037", "versionEndExcluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "87852670-65F6-4EE8-ABD5-BC25137868DD", "versionEndExcluding": "8.2.2106", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."}, {"lang": "es", "value": "Los cuadros de mando en Splunk Enterprise versiones anteriores a 9.0, podr\u00edan permitir a un atacante inyectar comandos de b\u00fasqueda arriesgados en un token de formulario cuando el token es usado en una consulta en una petici\u00f3n de origen cruzado. El resultado es una omisi\u00f3n de las salvaguardas de SPL para los comandos de riesgo. V\u00e9ase Las nuevas capacidades pueden limitar el acceso a algunos comandos personalizados y potencialmente arriesgados (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) para m\u00e1s informaci\u00f3n. Tenga en cuenta que el ataque est\u00e1 basado en el navegador y un atacante no puede explotarlo a voluntad"}], "id": "CVE-2022-32154", "lastModified": "2022-06-24T01:22:06.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2022-06-15T17:15:09.017", "references": [{"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"}, {"source": "prodsec@splunk.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"}, {"source": "prodsec@splunk.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}

{}