Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher-privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: None
Affected products
- Splunk / Splunk Cloud Platform 9.0.2209.3
- Splunk / Splunk Enterprise 8.1 – 8.1.13
- Splunk / Splunk Enterprise 8.2 – 8.2.10
- Splunk / Splunk Enterprise 9.0 – 9.0.4