Vulnerability Description
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.1.0, < 8.1.11 |
| Splunk | Splunk Cloud Platform | <= 8.2.2203.4 |
Related Weaknesses (CWE)
References
- https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6Vendor Advisory
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.htmlMitigationVendor Advisory
- https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6Vendor Advisory
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.htmlMitigationVendor Advisory
FAQ
What is CVE-2022-37438?
CVE-2022-37438 is a vulnerability with a CVSS score of 2.6 (LOW). In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk use...
How severe is CVE-2022-37438?
CVE-2022-37438 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-37438?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Splunk, Splunk Splunk Cloud Platform.