CVE-2022-32151 — Improper Certificate Validation in INC Splunk Cloud Platform
Severity
NVD: 9.1 CRITICAL
CNA: 7.4
EPSS
0.2%
top 57.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 15
Latest update: Jun 16
Description
The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise,…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2
Affected Packages: 4 packages
Vulnerability Details (2)
GHSA
GHSA-4mv8-3862-hghv: The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA), 2022-06-16
CVEList
Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default, 2022-06-15