CVSS: 8.5EPSS: 1%CPEs: 4EXPL: 0CVE-2023-32714 – Path Traversal in Splunk App for Lookup File Editing
https://notcve.org/view.php?id=CVE-2023-32714
01 Jun 2023 — In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. • https://advisory.splunk.com/advisories/SVD-2023-0608 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32716 – Denial of Service via the 'dump' SPL command
https://notcve.org/view.php?id=CVE-2023-32716
01 Jun 2023 — In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0611 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
01 Jun 2023 — In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32717 – Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
https://notcve.org/view.php?id=CVE-2023-32717
01 Jun 2023 — On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 • CWE-285: Improper Authorization •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32706 – Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
https://notcve.org/view.php?id=CVE-2023-32706
01 Jun 2023 — On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32711 – Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View
https://notcve.org/view.php?id=CVE-2023-32711
01 Jun 2023 — In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload. • https://advisory.splunk.com/advisories/SVD-2023-0605 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32708 – HTTP Response Splitting via the ‘rest’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32708
01 Jun 2023 — In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily. • https://advisory.splunk.com/advisories/SVD-2023-0603 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22939 – SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22939
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0209 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22938 – Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22938
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. • https://advisory.splunk.com/advisories/SVD-2023-0208 • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22937 – Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22937
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. • https://advisory.splunk.com/advisories/SVD-2023-0207 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •