topic Re: XSS SplunkWeb vulnerability in Security

XSS SplunkWeb vulnerability

lboyd — Wed, 23 Jul 2014 15:37:22 GMT

Several sources indicate a XSS vulnerability in recent Splunk versions. I can find no reference to this issue on your site or in the change logs. Below are some recent examples of sites referring to this issue confirmed in a different Splunk version 6.1.1; our Nessus scanner is also hitting on it(by exploit test and not version check) against version 5.0.8.

cn.tenable.com/plugins/index.php?view=single&id=74243

www.securityfocus.com/bid/67655/info

packetstormsecurity.com/files/126813/Splunk-6.1.1-Cross-Site-Scripting.html

Does the Splunk team have a plan to address this vulnerability?

Re: XSS SplunkWeb vulnerability

piebob — Wed, 23 Jul 2014 22:14:02 GMT

hi lboyd, someone from our prodsec team will be by soon to respond to your question.

Re: XSS SplunkWeb vulnerability

dwolf_splunk — Thu, 24 Jul 2014 01:05:28 GMT

Hi lboyd,

Splunk Product Security is aware of this XSS referrer header vulnerability. Engineering has fixed the issue, and updates are coming soon in upcoming maintenance releases. Please stay tuned for more details.

Re: XSS SplunkWeb vulnerability

robert_miller — Mon, 28 Jul 2014 13:36:26 GMT

Is there an ETA when this fix will be released?

Re: XSS SplunkWeb vulnerability

dwolf_splunk — Mon, 28 Jul 2014 23:42:44 GMT

Hi Robert,

The next maintenance release is in assurance testing and will be published soon. Splunk releases are cumulative, meaning that future releases will contain fixes to vulnerabilities, new features and other bug fixes. Please bear with us while we ensure the new bits work as expected across multiple platforms and configurations.