Vulnerabilities > CVE-2022-37438 - Unspecified vulnerability in Splunk and Splunk Cloud Platform

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

splunk

NVD

Published: 2022-08-16

Updated: 2023-07-21

Summary

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.0.0 Splunk Splunk 8.1.0 Splunk Splunk 8.1.1 Splunk Splunk 8.1.2 Splunk Splunk 8.1.4 Splunk Splunk 8.1.5 Splunk Splunk 8.1.6 Splunk Splunk 8.1.7 Splunk Splunk 8.2.0 Splunk Splunk Cloud Platform - Splunk Splunk Cloud Platform 8.1.2103 Splunk Splunk Cloud Platform 8.2.2105 Splunk Splunk Cloud Platform 8.2.2106 Splunk Splunk Cloud Platform 8.2.2107 Splunk Splunk Cloud Platform 8.2.2109 Splunk Splunk Cloud Platform 8.2.2111 Splunk Splunk Cloud Platform 8.2.2112 Splunk Splunk Cloud Platform 8.2.2201 Splunk Splunk Cloud Platform 8.2.2202 Splunk Splunk Cloud Platform 8.2.2203	20

Summary

Vulnerable Configurations

References