PT-2022-18124 · Splunk · Splunk Enterprise

Jason Tsang Mui Chung · Published 2022-05-06 · Updated 2022-10-19 · CVE-2022-26889

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.2

Description: The issue allows an attacker to inject arbitrary content into a web page (HTML injection or XSS) or to bypass safeguards for risky commands. The cause is a path traversal vulnerability in the URI path used to load a relative resource within a web page. The attack is browser-based and requires the attacker to initiate a request from the victim's browser, for example through phishing. The lack of sanitization of a relative URL path in a search parameter enables the injection of arbitrary external content.

Recommendations: For Splunk Enterprise versions prior to 8.1.2, update to version 8.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive web pages and implementing additional measures against phishing. Avoid using the vulnerable search parameter until the issue is resolved.
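The root cause described above is a relative resource path taken from a request parameter and resolved without checking that it stays inside the intended location. The following is an added example of the kind of server-side check a defender would put in front of such a parameter; it is not Splunk's code and does not reflect how Splunk fixed the issue. It assumes a hypothetical allowed root (`RESOURCE_ROOT`) under which relative resources may be loaded, and rejects anything that decodes to an absolute or protocol-relative URL, carries a scheme, or escapes that root after `..` collapsing.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Hypothetical root under which a page is allowed to load relative resources.
RESOURCE_ROOT = "/static/"


def resolve_relative_resource(raw: str, root: str = RESOURCE_ROOT) -> Optional[str]:
    """Return the normalized path for a user-supplied relative resource
    reference, or None if it would escape `root` or point outside the site.
    Anything not provably inside `root` is rejected."""
    # Decode twice so double-encoded dots (%252e%252e) are seen as "..".
    decoded = unquote(unquote(raw))
    if "\x00" in decoded:
        return None
    # Some consumers treat backslashes as separators; normalize them first.
    decoded = decoded.replace("\\", "/")
    parts = urlsplit(decoded)
    # A scheme ("https:", "javascript:") or an authority ("//evil.example")
    # means the reference is not relative at all: it would pull in external content.
    if parts.scheme or parts.netloc:
        return None
    candidate = posixpath.normpath(posixpath.join(root, parts.path))
    # After collapsing "..", the result must still live strictly below the root.
    if not candidate.startswith(root):
        return None
    return candidate


def is_safe_relative_resource(raw: str, root: str = RESOURCE_ROOT) -> bool:
    """Boolean wrapper for use in request handlers: True only if the value resolves inside the root."""
    return resolve_relative_resource(raw, root) is not None


if __name__ == "__main__":
    # Constructed sample parameter values, mapped to the expected verdict.
    samples = {
        "img/logo.png": True,
        "img/../../etc/passwd": False,
        "img%2F..%2F..%2Fetc%2Fpasswd": False,
        "%252e%252e/%252e%252e/etc/passwd": False,
        "//evil.example/payload.js": False,
        "https://evil.example/payload.js": False,
        "javascript:alert(1)": False,
        "img\\..\\..\\win.ini": False,
    }
    for value, expected in samples.items():
        verdict = is_safe_relative_resource(value)
        print(f"{value!r:45} -> {'allow' if verdict else 'reject'}")
        assert verdict == expected
```

The check is deliberately allow-list shaped: it does not try to strip `..` sequences (which leaves room for encoding tricks) but resolves the candidate and compares the result against the root, so any new bypass has to produce a path that genuinely lies inside `RESOURCE_ROOT`.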

Tags: Fix · Path traversal · RCE

Weakness Enumeration

Related Identifiers: CVE-2022-26889

Affected Products: Splunk Enterprise