Splunk 4.3.6 addresses one vulnerability - March 25, 2013

Table of Contents

Credit

Description

Splunk version 4.3.6 addresses one vulnerability:

At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been exploited. Previous Product Security Announcements can be found on our Product Security Portal. SPL numbers are to be used in communication with Splunk to address specific vulnerabilities.

Products and Components Affected

Security vulnerability addressed by this maintenance release affects the following versions of Splunk running Splunk Web:

Upgrades

Splunk recommends to upgrade to the latest release and applying as many of the Hardening Standards from Securing Splunk docs as relevant to your environment. Splunk releases are cumulative, meaning that future releases will contain fixes to this vulnerability, new features and other bug fixes.

Credit

For SPL-60629, Splunk would like to thank and credit the security team of the reporting customer with the Responsible Disclosure of this issue. Contact us to add names or details.

Vulnerability Descriptions and Ratings

Reflected XSS in Splunk Web (SPL-60629) (CVE-2013-2766)

Description: A reflected cross-site scripting vulnerability was identified in Splunk Web. While this does not have direct impact on the Splunk server, an attacker could trick an authenticated Splunk Web user into clicking a maliciously crafted link (which may exist on any external page), enabling the attacker to execute arbitrary web script code in the victim's browser, if the victim is authenticated.

Severity rating: When appropriate, Splunk uses Common Vulnerability Scoring System version 2 to standardize calculation of severity scores for each vulnerability.

Versions Affected: Splunk 4.3.0 - 4.3.5

CVSS Severity (version 2.0):

CVSS Base Score 4.0
CVSS Impact Subscore 2.9
CVSS Exploitability Subscore 8.0

CVSS Version 2 Metrics

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single instance
  • Impact Type:
    • Allows partial integrity violation
  • Exploitability: Proof of concept code
  • Remediation Level: Official fix
  • Report Confidence: Confirmed

Mitigation and Remediation: