Unrated severityNVD Advisory· Published Jun 15, 2022· Updated Sep 16, 2024
Risky commands warnings in Splunk Enterprise Dashboards
CVE-2022-32154
Description
Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <9.0
- Splunk, Inc/Splunk Cloud Platformv5Range: 8.2
- Splunk, Inc/Splunk Enterprisev5Range: 9.0
Patches
Vulnerability mechanics
References
6- docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguardsmitrex_refsource_CONFIRM
- docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updatesmitrex_refsource_CONFIRM
- research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/mitrex_refsource_CONFIRM
- research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/mitrex_refsource_CONFIRM
- research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/mitrex_refsource_CONFIRM
- www.splunk.com/en_us/product-security/announcements/svd-2022-0604.htmlmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.