CVE-2021-31559 — Authentication Bypass Using an Alternate Path or Channel in Splunk

CWE-288 — Authentication Bypass Using an Alternate Path or Channel CWE-287 — Improper Authentication3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 58.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Splunk Enterprise

Timeline

PublishedMay 6

Latest updateMay 7

Description

A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5splunk/splunk_enterprise8.2 version(s) before 8.2.1, Version(s) before 8.1.5+1

▶NVDsplunk/splunk8.1.0 — 8.1.5+1

🔴Vulnerability Details

GHSA

GHSA-g37x-8fq5-rmrc: A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8↗2022-05-07

▶

CVEList

S2S TcpToken authentication bypass↗2022-05-06

▶