OpenCVE

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk Splunk Cloud Platform

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

No data.

References

Link	Providers
https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/
https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2022-11-03T22:06:41.735Z

Updated: 2024-08-03T13:32:59.806Z

Reserved: 2022-10-20T18:37:09.181Z

Link: CVE-2022-43561

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-03T23:15:15.127

Modified: 2024-11-21T07:26:47.200

Link: CVE-2022-43561

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43561", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "requesterUserId": "d03a2723-f9e2-46d2-8173-16ee7d33f715", "dateReserved": "2022-10-20T18:37:09.181Z", "datePublished": "2022-11-03T22:06:41.735Z", "dateUpdated": "2024-08-03T13:32:59.806Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"lessThan": "8.1.12", "status": "affected", "version": "8.1", "versionType": "custom"}, {"lessThan": "8.2.9", "status": "affected", "version": "8.2", "versionType": "custom"}, {"lessThan": "9.0.2", "status": "affected", "version": "9.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mr Hack (try_to_hack)"}], "datePublic": "2022-11-02T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the \u201cpower\u201d Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled."}], "value": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the \u201cpower\u201d Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation", "lang": "en", "type": "CWE"}]}], "references": [{"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"}, {"url": "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/"}], "source": {"advisory": "SVD-2022-1101", "discovery": "EXTERNAL"}, "title": "Persistent Cross-Site Scripting in \u201cSave Table\u201d Dialog in Splunk Enterprise", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/DisableunnecessarySplunkcomponents\">See Disable unnecessary Splunk Enterprise components</a><span style=\"background-color: rgb(255, 255, 255);\"> and the </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf\">web.conf</a><span style=\"background-color: rgb(255, 255, 255);\"> configuration specification file for more information on disabling Splunk Web.</span><br>"}], "value": "If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. See Disable unnecessary Splunk Enterprise components https://docs.splunk.com/Documentation/Splunk/8.2.5/Security/DisableunnecessarySplunkcomponents and the web.conf https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf configuration specification file for more information on disabling Splunk Web.\n"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2022-11-03T22:06:41.735Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.806Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "697F9803-FC99-4149-A4E5-55A3A8CB1D18", "versionEndExcluding": "8.1.12", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "07617B0C-3704-4DB5-B416-94B77A5C2EEE", "versionEndExcluding": "8.2.9", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "867EFF29-96B9-44EF-93CE-8E7DB77B086E", "versionEndExcluding": "9.0.2", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "968C9207-1208-43E0-ABA5-1008BE594FDF", "versionEndExcluding": "9.0.2208", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the \u201cpower\u201d Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise inferiores a 8.1.12, 8.2.9 y 9.0.2, un usuario remoto que posee el poder del rol Splunk puede almacenar scripts arbitrarios que pueden generar Cross-Site Scripting (XSS) persistentes. La vulnerabilidad afecta a instancias con Splunk Web habilitado."}], "id": "CVE-2022-43561", "lastModified": "2024-11-21T07:26:47.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-03T23:15:15.127", "references": [{"source": "prodsec@splunk.com", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Vendor Advisory"], "url": "https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}