Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- Splunk / Splunk Cloud Platform9.0.2209.3
- Splunk / Splunk Enterprise8.1 – 8.1.13
- Splunk / Splunk Enterprise8.2 – 8.2.10
- Splunk / Splunk Enterprise9.0 – 9.0.4