Splunk / Product Security / SVD-2022-0507

Error message discloses internal path

Advisory ID: SVD-2022-0507

Published: 2022-05-03

CVSSv3.1 Score: 4.3, Medium

CWE: CWE-200

CVE ID: CVE-2022-26070

Last Update: 2022-05-03

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

 

Description

When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. 

The vulnerability impacts instances with Splunkweb enabled. See Disable unnecessary Splunk Enterprise components and web.conf for more information on disabling Splunkweb.

 

Solution

Upgrade Splunk Enterprise to 8.1.0 or later.

 

Product Status

Product Version Affected Versions Fix Version
Splunk Enterprise 8.1 - 8.1.0

The vulnerability does not impact Splunk Cloud Platform instances.

 

Acknowledgments

Dipak Prajapati (Lethal)