Vulnerability Description
In Splunk Enterprise versions before 8.1.2, the URI path used to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based: an attacker cannot exploit it at will and must get the victim's browser to initiate a request (e.g., via phishing).
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.1.0, < 8.1.2 |
Related Weaknesses (CWE)
References
- https://research.splunk.com/application/path_traversal_spl_injection/ (Vendor Advisory)
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0506.html (Vendor Advisory)
FAQ
What is CVE-2022-26889?
CVE-2022-26889 is a vulnerability with a CVSS score of 8.8 (HIGH). In Splunk Enterprise versions before 8.1.2, the URI path used to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML injection, XSS) or bypass SPL safeguards for risky commands.
How severe is CVE-2022-26889?
CVE-2022-26889 has been rated HIGH with a CVSS base score of 8.8/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2022-26889?
Check the References section above for vendor advisories and patch information. Affected product: Splunk Enterprise (vendor: Splunk), versions >= 8.1.0 and < 8.1.2; the issue is fixed in 8.1.2.