CVE-2021-42743Uncontrolled Search Path Element in Splunk

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
CNA8.8
EPSS
0.1%
top 69.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SplunkSplunk Enterprise
Timeline
PublishedMay 6
Latest updateMay 7

Description

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5splunk/splunk_enterprise8.1 version(s) before 8.1.1
NVDsplunk/splunk< 8.1.1

🔴Vulnerability Details

2
GHSA
GHSA-h2qf-x496-gm8q: A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise2022-05-07
CVEList
Local privilege escalation via a default path in Splunk Enterprise Windows2022-05-06
CVE-2021-42743 — Uncontrolled Search Path Element | cvebase