First published: Thu Nov 03 2022
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled.
Credit: prodsec@splunk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Splunk Splunk | >=8.1.0 <8.1.12 | |
Splunk Splunk | >=8.2.0 <8.2.9 | |
Splunk Splunk | >=9.0.0 <9.0.2 | |
Splunk Splunk Cloud Platform | <9.0.2208 | |
The vulnerability ID of this Splunk Enterprise vulnerability is CVE-2022-43561.
The severity of CVE-2022-43561 is medium.
Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2 are affected.
A remote user with the "power" role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS) attacks.
Splunk Cloud Platform instances running versions below 9.0.2208 are affected by this vulnerability.
Upgrade to Splunk Enterprise version 8.1.12, 8.2.9, or 9.0.2 to fix this vulnerability.
You can find more information about this vulnerability at the following URLs: [Splunk Research](https://research.splunk.com/application/a974d1ee-ddca-4837-b6ad-d55a8a239c20/) and [Splunk Product Security](https://www.splunk.com/en_us/product-security/announcements/svd-2022-1101.html).