Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-37438

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

Published

2022-08-16T21:15:13.587

Last Modified

2024-11-21T07:14:59.743

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.6 (LOW)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	splunk	splunk	< 8.1.11	Yes
Application	splunk	splunk	< 8.2.7.1	Yes
Application	splunk	splunk	9.0.0	Yes
Application	splunk	splunk_cloud_platform	≤ 8.2.2203.4	Yes

References

https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 Vendor Advisory ([email protected])
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html Mitigation, Vendor Advisory ([email protected])
https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)