Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Splunk Cloud Platform by Splunk, Inc

    CVE-2022-32154 (GCVE-0-2022-32154)

    Vulnerability from nvd – Published: 2022-06-15 16:48 – Updated: 2024-09-16 20:11
    VLAI
    Title
    Risky commands warnings in Splunk Enterprise Dashboards
    Summary
    Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk Danylo Dmytriiev (DDV_UA) Anton (therceman)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:55.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2106",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            },
            {
              "lang": "en",
              "value": "Danylo Dmytriiev (DDV_UA)"
            },
            {
              "lang": "en",
              "value": "Anton (therceman)"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:48:46.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0604",
            "discovery": "INTERNAL"
          },
          "title": "Risky commands warnings in Splunk Enterprise Dashboards",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32154",
              "STATE": "PUBLIC",
              "TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2106"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              },
              {
                "lang": "eng",
                "value": "Danylo Dmytriiev (DDV_UA)"
              },
              {
                "lang": "eng",
                "value": "Anton (therceman)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0604",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32154",
        "datePublished": "2022-06-15T16:48:46.918Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:11:36.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32153 (GCVE-0-2022-32153)

    Vulnerability from nvd – Published: 2022-06-15 16:48 – Updated: 2024-09-16 16:43
    VLAI
    Title
    Splunk Enterprise lacked TLS host name validation
    Summary
    Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2203",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:48:21.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0603",
            "discovery": "INTERNAL"
          },
          "title": "Splunk Enterprise lacked TLS host name validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32153",
              "STATE": "PUBLIC",
              "TITLE": "Splunk Enterprise lacked TLS host name validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-297 Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
                },
                {
                  "name": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0603",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32153",
        "datePublished": "2022-06-15T16:48:21.566Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:11.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32151 (GCVE-0-2022-32151)

    Vulnerability from nvd – Published: 2022-06-15 16:46 – Updated: 2024-09-16 17:59
    VLAI
    Title
    Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default
    Summary
    The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2203",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:46:07.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0601",
            "discovery": "INTERNAL"
          },
          "title": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32151",
              "STATE": "PUBLIC",
              "TITLE": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295 Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0601",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32151",
        "datePublished": "2022-06-15T16:46:07.016Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:24.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32154 (GCVE-0-2022-32154)

    Vulnerability from cvelistv5 – Published: 2022-06-15 16:48 – Updated: 2024-09-16 20:11
    VLAI
    Title
    Risky commands warnings in Splunk Enterprise Dashboards
    Summary
    Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk Danylo Dmytriiev (DDV_UA) Anton (therceman)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:55.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2106",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            },
            {
              "lang": "en",
              "value": "Danylo Dmytriiev (DDV_UA)"
            },
            {
              "lang": "en",
              "value": "Anton (therceman)"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:48:46.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0604",
            "discovery": "INTERNAL"
          },
          "title": "Risky commands warnings in Splunk Enterprise Dashboards",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32154",
              "STATE": "PUBLIC",
              "TITLE": "Risky commands warnings in Splunk Enterprise Dashboards"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2106"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              },
              {
                "lang": "eng",
                "value": "Danylo Dmytriiev (DDV_UA)"
              },
              {
                "lang": "eng",
                "value": "Anton (therceman)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0604.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_commands/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_risky_spl_mltk/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_command_and_scripting_interpreter_delete_usage/"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0604",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32154",
        "datePublished": "2022-06-15T16:48:46.918Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:11:36.885Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32153 (GCVE-0-2022-32153)

    Vulnerability from cvelistv5 – Published: 2022-06-15 16:48 – Updated: 2024-09-16 16:43
    VLAI
    Title
    Splunk Enterprise lacked TLS host name validation
    Summary
    Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
    CWE
    • CWE-297 - Improper Validation of Certificate with Host Mismatch
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2203",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-297",
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:48:21.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0603",
            "discovery": "INTERNAL"
          },
          "title": "Splunk Enterprise lacked TLS host name validation",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32153",
              "STATE": "PUBLIC",
              "TITLE": "Splunk Enterprise lacked TLS host name validation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-297 Improper Validation of Certificate with Host Mismatch"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_digital_certificates_infrastructure_version/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_digital_certificates_lack_of_encryption/"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_selfsigned/"
                },
                {
                  "name": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/network/splunk_identified_ssl_tls_certificates/"
                },
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0603.html"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0603",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32153",
        "datePublished": "2022-06-15T16:48:21.566Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:43:11.526Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32151 (GCVE-0-2022-32151)

    Vulnerability from cvelistv5 – Published: 2022-06-15 16:46 – Updated: 2024-09-16 17:59
    VLAI
    Title
    Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default
    Summary
    The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Date Public
    2022-06-14 00:00
    Credits
    Chris Green at Splunk
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:32:56.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Splunk Enterprise",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "9.0",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Splunk Cloud Platform",
              "vendor": "Splunk, Inc",
              "versions": [
                {
                  "lessThan": "8.2.2203",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chris Green at Splunk"
            }
          ],
          "datePublic": "2022-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-15T16:46:07.000Z",
            "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
            "shortName": "Splunk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
            }
          ],
          "source": {
            "advisory": "SVD-2022-0601",
            "discovery": "INTERNAL"
          },
          "title": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "prodsec@splunk.com",
              "DATE_PUBLIC": "2022-06-14T11:55:00.000Z",
              "ID": "CVE-2022-32151",
              "STATE": "PUBLIC",
              "TITLE": "Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Splunk Enterprise",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "9.0",
                                "version_value": "9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Splunk Cloud Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "8.2",
                                "version_value": "8.2.2203"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Splunk, Inc"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chris Green at Splunk"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295 Improper Certificate Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0601.html"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation"
                },
                {
                  "name": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates",
                  "refsource": "CONFIRM",
                  "url": "https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/Updates"
                },
                {
                  "name": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/",
                  "refsource": "CONFIRM",
                  "url": "https://research.splunk.com/application/splunk_protocol_impersonation_weak_encryption_simplerequest/"
                }
              ]
            },
            "source": {
              "advisory": "SVD-2022-0601",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "assignerShortName": "Splunk",
        "cveId": "CVE-2022-32151",
        "datePublished": "2022-06-15T16:46:07.016Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:59:24.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }