Splunk response to Path Traversal vulnerability in Splunk Hadoop Connect App


At the time of this announcement, Splunk is not aware of any cases where this vulnerability has been actively exploited. Previous Product Security Announcements can be found on the Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there is no Common Vulnerabilities and Exposures (CVE) identifier listed with a vulnerability, it will be added once one is assigned by a CVE Numbering Authority. To standardize the calculation of severity scores for each vulnerability, when appropriate, Splunk uses Common Vulnerability Scoring System version 2 (CVSS v2).

Affected Products and Components

  • Path Traversal vulnerability in Splunk Hadoop Connect App (ERP-2041)
    • Affected Components: all versions of Splunk Hadoop Connect App before 1.2.5.

Mitigation and Upgrades

To mitigate this issue, Splunk recommends upgrading to Splunk Hadoop Connect App version 1.2.5 or later.

The updated Splunk Hadoop Connect App introduces new access controls that restrict use of the app to users in the admin role. Because the flaw is reachable by any authenticated user, the exposure on an unpatched instance is every account that can log in to Splunk, not only administrators; until the upgrade is applied, limiting which users can reach the app reduces the set of accounts that could trigger the issue.

Vulnerability Descriptions and Ratings

Path Traversal vulnerability in Splunk Hadoop Connect App (ERP-2041)

Description: All versions of Splunk Hadoop Connect App before 1.2.5 are affected by a path traversal vulnerability. A user-supplied path is not confined to the directory the app intends, so any authenticated Splunk user can reach locations outside it and potentially execute arbitrary code on the Splunk host.
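The advisory does not say which request parameter or file operation in the app accepted the traversing path, so the following is an added, generic illustration of the vulnerability class and its fix, not Splunk's code and not a reproduction of the Hadoop Connect defect. It places the vulnerable pattern (user value appended to a base directory with no canonicalisation) beside a hardened join that rejects NUL bytes and absolute values, resolves `..` and symlinks, and then confirms the result is still inside the base directory. The base directory `/opt/splunk/var/run/hadoop` and the request values are constructed for the example.

```python
"""Path traversal: vulnerable join versus a canonicalising, base-confined join.

Added illustration of the vulnerability class named in the advisory; it is not
Splunk's code and does not reproduce the Hadoop Connect defect itself.
"""
import os

# Hypothetical directory an app uses for files that a request may name.
BASE_DIR = "/opt/splunk/var/run/hadoop"


class PathTraversalError(ValueError):
    """A user-supplied path resolved to a location outside the base directory."""


def unsafe_join(base_dir, user_path):
    """Vulnerable pattern: the request value is appended to the base directory
    with no canonicalisation, so "../" segments walk out of base_dir and an
    absolute value makes os.path.join discard base_dir entirely."""
    return os.path.join(base_dir, user_path)


def safe_join(base_dir, user_path):
    """Return the canonical path of user_path under base_dir, or raise.

    Checks, in order:
      1. no embedded NUL (it would truncate the path in C-level file APIs),
      2. the value is relative (an absolute value would replace base_dir),
      3. after resolving ".." and symlinks, the result is still inside
         base_dir, compared component-wise so that "/base2" is not accepted
         as being under "/base".
    """
    if "\0" in user_path:
        raise PathTraversalError("embedded NUL byte in path")
    if os.path.isabs(user_path):
        raise PathTraversalError("absolute path not permitted")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError("path escapes base directory: %r" % user_path)
    return candidate


def classify(base_dir, user_paths):
    """Run safe_join over several request values; report which are blocked."""
    verdicts = {}
    for p in user_paths:
        try:
            safe_join(base_dir, p)
            verdicts[p] = "allowed"
        except PathTraversalError:
            verdicts[p] = "blocked"
    return verdicts


if __name__ == "__main__":
    # Constructed request values: benign relative names and traversal attempts.
    samples = [
        "reports/2021.csv",
        "a/../b.txt",
        "../../../../../../etc/passwd",
        "reports/../../escape.sh",
        "/etc/passwd",
    ]
    # The vulnerable join happily yields a path outside BASE_DIR.
    print("unsafe_join ->", os.path.normpath(unsafe_join(BASE_DIR, samples[2])))
    for path, verdict in classify(BASE_DIR, samples).items():
        print("%-32s %s" % (path, verdict))
```

The comparison uses `os.path.commonpath` rather than a string prefix test so that a sibling directory sharing the base directory's name as a prefix cannot pass; `realpath` is applied to both sides so a symlinked base directory is compared consistently with the resolved candidate.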

Credits: Splunk would like to thank Marek Cybul for reporting this issue.

CVSS Severity (version 2.0):

    CVSS Base Score                8.5
    CVSS Impact Subscore          10.0
    CVSS Exploitability Subscore   6.8
    Overall CVSS Score             7.3

By the CVSS v2 formulas, an impact subscore of 10.0 is the value for complete loss of confidentiality, integrity and availability, consistent with the arbitrary code execution described above, and an exploitability subscore of 6.8 corresponds to network access, medium access complexity and single authentication (the one login any Splunk user already has). The overall score is the base score adjusted by temporal metrics, which is why it is lower than the base score.