CVE-2022-26889 In versions before 8.1.2, the path to load a relative resource is vulnerable to path traversal.

CVE-2022-26889 In versions before 8.1.2, the path to load a relative resource is vulnerable to path traversal.

Upgrade to version 8.1.2 or later, as these versions fix this issue. Splunk Enterprise versions before 8.1.2 are vulnerable to remote code execution due to a command injection issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user.

Splunk Enterprise versions before 8.1.2 are vulnerable to remote code execution due to a command injection issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user. Splunk Enterprise versions before 8.1.2 are vulnerable to remote code execution due to a command injection issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user. Splunk Enterprise versions before 8.1.2 are vulnerable to remote code execution due to a command injection issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user. Splunk Enterprise versions before 8.1.2 are vulnerable to remote code execution due to a command injection issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user.

Vulnerability overview

A vulnerability has been identified that could allow a remote attacker to execute instructions within the web browser of an affected system.

Splunk Enterprise version prior to 8.1.2 is vulnerable to remote code execution due to a command inj uction issue. It is possible for a user to input commands into their Splunk installation that can allow an attacker to execute instructions within the web browser of the user.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe