CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32717 – Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
https://notcve.org/view.php?id=CVE-2023-32717
01 Jun 2023 — On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 • CWE-285: Improper Authorization •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32706 – Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
https://notcve.org/view.php?id=CVE-2023-32706
01 Jun 2023 — On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32708 – HTTP Response Splitting via the ‘rest’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32708
01 Jun 2023 — In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily. • https://advisory.splunk.com/advisories/SVD-2023-0603 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22939 – SPL Command Safeguards Bypass via the ‘map’ SPL Command in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22939
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0209 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22938 – Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22938
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance. • https://advisory.splunk.com/advisories/SVD-2023-0208 • CWE-285: Improper Authorization •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22937 – Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22937
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. • https://advisory.splunk.com/advisories/SVD-2023-0207 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22933 – Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22933
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. • https://advisory.splunk.com/advisories/SVD-2023-0203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22932 – Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22932
14 Feb 2023 — In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. • https://advisory.splunk.com/advisories/SVD-2023-0202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-22936 – Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22936
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. • https://advisory.splunk.com/advisories/SVD-2023-0206 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-22941 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2023-22941
14 Feb 2023 — In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). • https://github.com/eduardosantos1989/CVE-2023-22941 • CWE-248: Uncaught Exception •