CVE-2023-22937 – Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22937
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. • https://advisory.splunk.com/advisories/SVD-2023-0207 https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-22933 – Persistent Cross-Site Scripting through the ‘module’ Tag in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22933
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’. • https://advisory.splunk.com/advisories/SVD-2023-0203 https://research.splunk.com/application/9ac2bfea-a234-4a18-9d37-6d747e85c2e4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-22932 – Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. • https://advisory.splunk.com/advisories/SVD-2023-0202 https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-22936 – Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22936
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. • https://advisory.splunk.com/advisories/SVD-2023-0206 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-22941 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2023-22941
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). • https://github.com/eduardosantos1989/CVE-2023-22941 https://advisory.splunk.com/advisories/SVD-2023-0211 https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14 • CWE-248: Uncaught Exception •