Re: XSS SplunkWeb vulnerability

lboyd · ‎07-23-2014

Several sources indicate a XSS vulnerability in recent Splunk versions. I can find no reference to this issue on your site or in the change logs. Below are some recent examples of sites referring to this issue confirmed in a different Splunk version 6.1.1; our Nessus scanner is also hitting on it(by exploit test and not version check) against version 5.0.8.

cn.tenable.com/plugins/index.php?view=single&id=74243

www.securityfocus.com/bid/67655/info

packetstormsecurity.com/files/126813/Splunk-6.1.1-Cross-Site-Scripting.html

Does the Splunk team have a plan to address this vulnerability?

dwolf_splunk · ‎07-23-2014

Hi lboyd,

Splunk Product Security is aware of this XSS referrer header vulnerability. Engineering has fixed the issue, and updates are coming soon in upcoming maintenance releases. Please stay tuned for more details.

dwolf_splunk · ‎07-28-2014

Hi Robert,

The next maintenance release is in assurance testing and will be published soon. Splunk releases are cumulative, meaning that future releases will contain fixes to vulnerabilities, new features and other bug fixes. Please bear with us while we ensure the new bits work as expected across multiple platforms and configurations.

robert_miller · ‎07-28-2014

Is there an ETA when this fix will be released?

piebob · ‎07-23-2014

hi lboyd, someone from our prodsec team will be by soon to respond to your question.

XSS SplunkWeb vulnerability

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation