CVE-2022-32154 — MEDIUM (6.8)

Q: How severe is CVE-2022-32154?

CVE-2022-32154 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-32154?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.

Vulnerability Description

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Splunk	Splunk	< 9.0
Splunk	Splunk Cloud Platform	< 8.2.2106

Related Weaknesses (CWE)

CWE-20 CWE-77

References

https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_caMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.htmlVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_caMitigationVendor Advisory
https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/UpdatesRelease NotesVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://research.splunk.com/application/splunk_command_and_scripting_interpreterMitigationVendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.htmlVendor Advisory

FAQ

What is CVE-2022-32154?

CVE-2022-32154 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasse...

How severe is CVE-2022-32154?

CVE-2022-32154 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32154?

Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.