CVE-2023-32714 – Path Traversal in Splunk App for Lookup File Editing
https://notcve.org/view.php?id=CVE-2023-32714
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory. • https://advisory.splunk.com/advisories/SVD-2023-0608 https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVE-2023-32716 – Denial of Service via the 'dump' SPL command
https://notcve.org/view.php?id=CVE-2023-32716
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0611 https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32717 – Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
https://notcve.org/view.php?id=CVE-2023-32717
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8 • CWE-285: Improper Authorization •
CVE-2023-32706 – Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
https://notcve.org/view.php?id=CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •