CVE-2023-32716 – Denial of Service via the 'dump' SPL command
https://notcve.org/view.php?id=CVE-2023-32716
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0611 https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32717 – Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
https://notcve.org/view.php?id=CVE-2023-32717
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8 • CWE-285: Improper Authorization •
CVE-2023-32706 – Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
https://notcve.org/view.php?id=CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-32711 – Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
https://notcve.org/view.php?id=CVE-2023-32711
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. • https://advisory.splunk.com/advisories/SVD-2023-0605 https://research.splunk.com/application/8a43558f-a53c-4ee4-86c1-30b1e8ef3606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •