Lucene search

[email protected]NVD:CVE-2022-43563

HistoryNov 04, 2022 - 11:15 p.m.

CVE-2022-43563

2022-11-0423:15:09

CWE-20

[email protected]

web.nvd.nist.gov

splunk enterprise

security bypass

rex search command

spl safeguards

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.5%

JSON

In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.

Affected configurations

NVD

Node

splunksplunkRange8.1.0–8.1.12enterprise

splunksplunkRange8.2.0–8.2.9enterprise

splunksplunk_cloud_platformRange<9.0.2203

References

www.splunk.com/en_us/product-security/announcements/svd-2022-1103.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for NVD:CVE-2022-43563

nessus1 cve1 prion1 cvelist1