
Reflected XSS in a query parameter of the Monitoring Console

Advisory ID: SVD-2022-0505

Published: 2022-05-03

CVSSv3.1 Score: 8.8, High

CWE: CWE-79

CVE ID: CVE-2022-27183

Last Update: 2022-05-03

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Security Content: Splunk XSS in Monitoring Console


Description

In Splunk Enterprise versions before 8.1.4, the Monitoring Console app, when configured in Distributed mode, allows a reflected XSS through a query parameter. The Monitoring Console app is a bundled app included in Splunk Enterprise; it is not available for download on SplunkBase and is not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.


Solution

Upgrade Splunk Enterprise to 8.1.4 or later.

As an alternative to upgrading, disable or delete the app, disable Splunkweb, or disable Distributed mode. See Managing app objects for more information on disabling the app. See Configure distributed mode for disabling Distributed mode on the Monitoring Console app. See Disable unnecessary Splunk Enterprise components and web.conf for more information on disabling Splunkweb.


Product Status

Product            Version   Affected Versions    Fix Version
Splunk Enterprise  8.2       -                    8.2.0
Splunk Enterprise  8.1       8.1.3 and earlier    8.1.4

The vulnerability does not impact Splunk Cloud Platform instances.
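The following is an added defender-side check, not code from Splunk or this advisory: it decides from `splunk version` output whether an instance falls in the affected range given in the Product Status table (anything before 8.1.4) and whether the Splunkweb mitigation listed in the Solution section is in place, assuming the web.conf `[settings]` key `startwebserver` controls Splunkweb. It does not inspect whether the Monitoring Console is in Distributed mode, and the sample inputs are constructed.

```python
import re

FIXED_VERSION = (8, 1, 4)  # first fixed release per the advisory


def parse_version(text: str) -> tuple:
    """Extract (major, minor, patch) from 'splunk version' output or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(text: str) -> bool:
    """True when the version is earlier than 8.1.4; 8.2.0 and later compare as fixed."""
    return parse_version(text) < FIXED_VERSION


def splunkweb_disabled(web_conf: str) -> bool:
    """True when web.conf [settings] sets startwebserver = 0 (the Splunkweb mitigation)."""
    in_settings = False
    for line in web_conf.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_settings = line.lower() == "[settings]"
            continue
        if in_settings and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "startwebserver":
                return value.strip().lower() in ("0", "false")
    return False  # Splunkweb is enabled unless explicitly turned off


def assess(version_output: str, web_conf: str) -> str:
    """Combine both checks into one verdict string."""
    if not is_affected(version_output):
        return "not affected"
    if splunkweb_disabled(web_conf):
        return "affected version, Splunkweb disabled (mitigated)"
    return "affected, upgrade to 8.1.4 or later"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real instance.
    sample_version = "Splunk 8.1.3 (build 0000000000)"
    sample_web_conf = "[settings]\nstartwebserver = 1\n"
    print(assess(sample_version, sample_web_conf))  # affected, upgrade to 8.1.4 or later
```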


Acknowledgments

Danylo Dmytriiev (DDV_UA)

