Reflected XSS in a query parameter of the Monitoring Console
Advisory ID: SVD-2022-0505
CVE ID: CVE-2022-27183
Published: 2022-05-03
Last Update: 2022-05-03
CVSSv3.1 Score: 8.8, High
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-79
Bug ID: SPL-201205
Description
The Monitoring Console app, when configured in Distributed mode, allows a reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise; it is not available for download on SplunkBase and is not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
Solution
Upgrade Splunk Enterprise to 8.1.4 or later.
As an alternative to upgrading, disable or delete the app, disable Splunkweb, or disable Distributed mode. See Managing app objects for more information on disabling the app. See Configure distributed mode for disabling Distributed mode on the Monitoring Console app. See Disable unnecessary Splunk Enterprise components and web.conf for more information on disabling Splunkweb.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 8.1 | Splunk Monitoring Console | 8.1.3 and earlier | 8.1.4 |
Splunk Enterprise | 8.2 | - | Not affected | - |
The vulnerability does not impact Splunk Cloud Platform instances.
Detections
Acknowledgments
Danylo Dmytriiev (DDV_UA)