Reflected XSS in a query parameter of the Monitoring Console
Advisory ID: SVD-2022-0505
CVSSv3.1 Score: 8.8, High
CVE ID: CVE-2022-27183
Last Update: 2022-05-03
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Security Content: Splunk XSS in Monitoring Console
The Monitoring Console app, when configured in Distributed mode, is vulnerable to reflected cross-site scripting (XSS) through a query parameter in Splunk Enterprise versions before 8.1.4. Because the XSS is reflected, exploitation requires a user to open an attacker-supplied link (UI:R in the CVSS vector), after which the injected script runs in that user's Splunk Web session. The Monitoring Console app is bundled with Splunk Enterprise; it is not distributed through Splunkbase and is not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
Upgrade Splunk Enterprise to 8.1.4 or later.
As an alternative to upgrading, disable or delete the app, disable Splunk Web (Splunkweb), or disable Distributed mode; each of these removes the reflecting endpoint on that instance. See Managing app objects for more information on disabling the app. See Configure distributed mode for disabling Distributed mode on the Monitoring Console app. See Disable unnecessary Splunk Enterprise components and web.conf for more information on disabling Splunk Web.
| Product | Version | Affected Versions | Fix Version |
|---|---|---|---|
| Splunk Enterprise | 8.1 | 8.1.3 and earlier | 8.1.4 |
The vulnerability does not impact Splunk Cloud Platform instances.
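The version check and the alternative mitigations above can be scripted for fleet triage. The helper below is an added example and is not part of this advisory or of Splunk's own tooling. It assumes the bundled app's directory is `splunk_monitoring_console`, that a disabled app is recorded as `[install] state = disabled` in that app's `app.conf`, and that Splunk Web is turned off with `[settings] startwebserver = 0` in `web.conf`; it treats every version below 8.1.4 as affected, following the advisory text. It does not check Distributed mode, because the advisory does not name the setting that controls it. The config fragments are constructed samples, not captured from a real host.

```python
"""Triage helper for SVD-2022-0505 / CVE-2022-27183 (added example, not Splunk's code).

Given a host's reported Splunk Enterprise version and the text of two .conf
files, report whether the host is fixed, mitigated by one of the advisory's
alternatives, or still exposed. Distributed mode is deliberately not checked
(its configuration key is not described in the advisory).
"""
import configparser
import re

# Assumption: the fix line from the advisory ("8.1.4 or later").
FIXED_VERSION = (8, 1, 4)
# Assumption: directory name of the bundled app under $SPLUNK_HOME/etc/apps.
MC_APP_DIR = "splunk_monitoring_console"


def parse_version(text):
    """Return (major, minor, patch) for a version string such as '8.1.3' or
    '8.1.3.1'; any fourth component or build suffix is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def version_vulnerable(version):
    """True for every version below 8.1.4, matching 'versions before 8.1.4'
    in the advisory (the table itself lists only the 8.1 line)."""
    return parse_version(version) < FIXED_VERSION


def read_conf(text):
    """Parse Splunk .conf text. The files are INI-style; strict=False
    tolerates duplicate keys, interpolation=None keeps '%' literal."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return cp


def app_disabled(app_conf_text):
    """True if app.conf carries [install] state = disabled, which is how a
    disabled app is recorded (assumption: the app's local/app.conf is passed)."""
    cp = read_conf(app_conf_text)
    return cp.get("install", "state", fallback="enabled").strip().lower() == "disabled"


def splunkweb_disabled(web_conf_text):
    """True if web.conf sets [settings] startwebserver to a false value."""
    cp = read_conf(web_conf_text)
    val = cp.get("settings", "startwebserver", fallback="1").strip().lower()
    return val in ("0", "false", "f", "no", "n")


def assess(version, app_conf_text="", web_conf_text=""):
    """Combine the checks into one verdict for a host. Missing config text is
    treated as 'setting not present', i.e. the Splunk default (enabled)."""
    if not version_vulnerable(version):
        return "not affected: version %s is 8.1.4 or later" % version
    if app_disabled(app_conf_text):
        return "mitigated: %s app is disabled" % MC_APP_DIR
    if splunkweb_disabled(web_conf_text):
        return "mitigated: Splunk Web is disabled"
    return ("exposed: upgrade to 8.1.4 or later, or disable the app, "
            "Splunk Web, or Distributed mode")


# Constructed sample fragments (not from a real deployment).
SAMPLE_APP_CONF_DISABLED = """# $SPLUNK_HOME/etc/apps/splunk_monitoring_console/local/app.conf
[install]
state = disabled
"""

SAMPLE_WEB_CONF_OFF = """# $SPLUNK_HOME/etc/system/local/web.conf
[settings]
startwebserver = 0
httpport = 8000
"""


if __name__ == "__main__":
    for ver, app_conf, web_conf in [
        ("8.1.3", "", ""),
        ("8.1.3", SAMPLE_APP_CONF_DISABLED, ""),
        ("8.1.3", "", SAMPLE_WEB_CONF_OFF),
        ("8.1.4", "", ""),
    ]:
        print(ver, "->", assess(ver, app_conf, web_conf))
```

In practice the version comes from `splunk version` or the `/services/server/info` REST endpoint, and the two files are read from the paths shown in the sample fragments; a host that reports "exposed" still needs one of the advisory's actions, and a host that reports "mitigated" should be rechecked after any app or web.conf change, since the mitigation is only as durable as that configuration.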
Acknowledgments: Danylo Dmytriiev (DDV_UA)