Uncontrolled Search Path Element

CVE-2021-42743

Medium

4.6/10

Summary

A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-427 - Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

Advisory Timeline

Published May 06, 2022

Uncontrolled Search Path Element

CVE-2021-42743

Summary

CWE-427 - Uncontrolled Search Path Element

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS