CVE-2022-37438

Summary

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise9.0 < 9.0.1affected
SplunkSplunk Enterprise8.2 < 8.2.7.1affected
SplunkSplunk Enterprise8.1 < 8.1.11affected
SplunkSplunk Cloud Platformunspecified < 9.0.2205affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CVE Program Container

Additional References

References