Splunk 4.3.6 addresses one vulnerability

Advisory ID: SP-CAAAHSQ

CVE ID: CVE-2013-2766

Published: 2013-04-20

Last Update: 2013-04-20

CVSSv3.1 Score: 4.0

CVSSv3.1 Vector: -

CWE: -

Bug ID: SPL-60629

Description

Splunk version 4.3.6 addresses one vulnerability:

  • Reflected XSS in Splunk Web (SPL-60629) (CVE-2013-2766)

At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. SPL numbers are to be used in communication with Splunk to address specific vulnerabilities.

Products and Components Affected

The security vulnerability addressed by this maintenance release affects the following versions of Splunk running Splunk Web:

  • SPL-60629 : Splunk 4.3.0 through 4.3.5

Upgrades

To mitigate these issues, Splunk recommends upgrading to the latest release and applying as many of the Hardening Standards from the Securing Splunk docs as are relevant to your environment. Splunk Enterprise and Splunk Light releases are cumulative, meaning that future releases will contain fixes to these vulnerabilities, new features and other bug fixes.

Credit

For SPL-60629, Splunk would like to thank and credit the security team of the reporting customer with the Responsible Disclosure of this issue. Contact us to add names or details.

Vulnerability Descriptions and Ratings

Reflected XSS in Splunk Web (SPL-60629) (CVE-2013-2766)

Description: A reflected cross-site scripting vulnerability was identified in Splunk Web. While this does not have a direct impact on the Splunk server, an attacker could trick an authenticated Splunk Web user into clicking a maliciously crafted link (which may be hosted on any external page), enabling the attacker to execute arbitrary web script code in the victim's browser under that authenticated session.

Severity rating: When appropriate, Splunk uses Common Vulnerability Scoring System version 2 to standardize calculation of severity scores for each vulnerability.

Versions Affected: Splunk 4.3.0 through 4.3.5

CVSS Severity (version 2.0):

  • CVSS Base Score: 4.0
  • CVSS Impact Subscore: 2.9
  • CVSS Exploitability Subscore: 8.0

CVSS Version 2 Metrics

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single instance
  • Impact Type:
    • Allows partial integrity violation
  • Exploitability: Proof of concept code
  • Remediation Level: Official fix
  • Report Confidence: Confirmed

Mitigation and Remediation:

  • For those planning to stay with version 4, upgrade to the 4.3.6 release from the Older Releases page. Otherwise, Splunk recommends upgrading to the latest release.

Document History

  • 2013-April-20: Rev 3. Initial Release