PT-2022-21122 · Splunk · Splunk Cloud Platform+1
Chris Green · Published 2022-06-15 · Updated 2022-06-24
CVE-2022-32153
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.0
Splunk Cloud Platform versions prior to 8.2.2203
Description
In affected versions, Splunk-to-Splunk communications do not validate TLS certificates by default. An attacker with administrator credentials could add a peer without a valid certificate, and connections from misconfigured nodes without valid certificates did not fail by default.
Recommendations
For Splunk Enterprise versions prior to 9.0, update to Splunk Enterprise version 9.0.
For Splunk Enterprise, configure TLS host name validation for Splunk-to-Splunk communications to enable remediation.
For Splunk Cloud Platform versions prior to 8.2.2203, update to Splunk Cloud Platform version 8.2.2203 or later.
Fix
Improper Certificate Validation
Affected Products
Splunk Cloud Platform
Splunk Enterprise