{"containers":{"cna":{"affected":[{"product":"Splunk Enterprise","vendor":"Splunk, Inc","versions":[{"lessThan":"9.0","status":"affected","version":"9.0","versionType":"custom"}]},{"product":"Splunk Cloud Platform","vendor":"Splunk, Inc","versions":[{"lessThan":"8.2.2106","status":"affected","version":"8.2","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Chris Green at Splunk"},{"lang":"en","value":"Danylo Dmytriiev (DDV_UA)"},{"lang":"en","value":"Anton (therceman)"}],"datePublic":"2022-06-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-06-15T16:48:46.000Z","orgId":"42b59230-ec95-491e-8425-5a5befa1a469","shortName":"Splunk"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"},{"tags":["x_refsource_CONFIRM"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"},{"tags":["x_refsource_CONFIRM"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"},{"tags":["x_refsource_CONFIRM"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}],"source":{"advisory":"SVD-2022-0604","discovery":"INTERNAL"},"title":"Risky commands warnings in Splunk Enterprise Dashboards","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"prodsec@splunk.com","DATE_PUBLIC":"2022-06-14T11:55:00.000Z","ID":"CVE-2022-32154","STATE":"PUBLIC","TITLE":"Risky commands warnings in Splunk Enterprise Dashboards"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Splunk Enterprise","version":{"version_data":[{"version_affected":"<","version_name":"9.0","version_value":"9.0"}]}},{"product_name":"Splunk Cloud Platform","version":{"version_data":[{"version_affected":"<","version_name":"8.2","version_value":"8.2.2106"}]}}]},"vendor_name":"Splunk, Inc"}]}},"credit":[{"lang":"eng","value":"Chris Green at Splunk"},{"lang":"eng","value":"Danylo Dmytriiev (DDV_UA)"},{"lang":"eng","value":"Anton (therceman)"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates","refsource":"CONFIRM","url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"name":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html","refsource":"CONFIRM","url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"},{"name":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands","refsource":"CONFIRM","url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"},{"name":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/","refsource":"CONFIRM","url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"},{"name":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/","refsource":"CONFIRM","url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"},{"name":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/","refsource":"CONFIRM","url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}]},"source":{"advisory":"SVD-2022-0604","discovery":"INTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T07:32:55.969Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"}]}]},"cveMetadata":{"assignerOrgId":"42b59230-ec95-491e-8425-5a5befa1a469","assignerShortName":"Splunk","cveId":"CVE-2022-32154","datePublished":"2022-06-15T16:48:46.918Z","dateReserved":"2022-05-31T00:00:00.000Z","dateUpdated":"2024-09-16T20:11:36.885Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}