Lucene search

PRIOn knowledge basePRION:CVE-2022-43566

HistoryNov 04, 2022 - 11:15 p.m.

Design/Logic Flaw

2022-11-0423:15:00

PRIOn knowledge base

www.prio-n.com

splunk enterprise

security flaw

versions

risky commands

bypass

spl safeguards

analytics workspace

phishing

browser executable

vulnerability

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will.

CPENameOperatorVersion
splunkge9.0.0
splunklt9.0.2
splunkge8.2.0
splunklt8.2.9
splunkge8.1.0
splunklt8.1.12
splunk_cloud_platformlt9.0.2208

Name	Operator	Version
splunk	ge	9.0.0
splunk	lt	9.0.2
splunk	ge	8.2.0
splunk	lt	8.2.9
splunk	ge	8.1.0
splunk	lt	8.1.12
splunk_cloud_platform	lt	9.0.2208

References

research.splunk.com/application/b6d77c6c-f011-4b03-8650-8f10edb7c4a8/

www.splunk.com/en_us/product-security/announcements/svd-2022-1106.html