If users do not log in to Splunk Web on indexers in a distributed environment, disable Splunk Web on those indexers. Splunk is actively monitoring and patching Splunk Cloud Platform instances. Upgrade Splunk Enterprise to versions 9.0.7 or 9.1.2. In Splunk Enterprise versions below 9.0.7 and 9.1.2, the “Show syntax highlighted” feature of the Search page does not effectively escape log file characters.This vulnerability lets an attacker craft a log file which can execute unauthorized Javascript code in the browser of a user that interacts with events in the malicious log file in a specific way. Splunk rates this vulnerability a 8.0, High, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.Ĭross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search PageĬVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N Upgrade Splunk Enterprise to either 9.0.7 or 9.1.2. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. Remote code execution (RCE) in Splunk Enterprise through Insecure XML ParsingĬVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H Splunk encourages customers to add its Really Simple Syndication (RSS) feed to their RSS reader to receive a notification when Splunk publishes the advisories. Splunk publishes Security Advisories alongside corresponding product releases. When Splunk cannot backport a patch due to technical feasibility or otherwise, it publishes mitigations and additional compensating control guidance. Splunk makes advisories available for versions of Splunk products that it supports at the time of disclosure through ongoing cloud or on-premises maintenance releases. Splunk publishes Security Advisories to alert customers to security issues in Splunk products that Splunk has remedied. Security Advisories are collections of disclosures and security fixes for supported versions of Splunk products. For all Advisories, Announcements, and Bulletins, see the Security Advisories list. This page lists announcements of Splunk Security Advisories and Third Party Bulletins. Splunk Security Advisories and Third Party Bulletins
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |