CVE-2022-37438
LOW
Splunk Enterprise 8.1.0-8.1.10 & Splunk Cloud <8.2.2203.4 Authenticated Info Exposure
Title source: llmDescription
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
References (2)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html
Vendor Advisory x_refsource_confirm
https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6
Scores
CVSS v3: 2.6
EPSS: 0.0034
EPSS Percentile: 56.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (3)
splunk/splunk: 9.0.0
splunk/splunk: 8.1.0 - 8.1.11
splunk/splunk_cloud_platform: < 8.2.2203.4
Published: Aug 16, 2022
Tracked Since: Feb 18, 2026