CVE-2023-32716 – Denial of Service via the 'dump' SPL command
https://notcve.org/view.php?id=CVE-2023-32716
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0611 https://research.splunk.com/application/fb0e6823-365f-48ed-b09e-272ac4c1dad6 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2023-32710 – Information Disclosure via the ‘copyresults’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32710
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. • https://advisory.splunk.com/advisories/SVD-2023-0609 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-32717 – Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
https://notcve.org/view.php?id=CVE-2023-32717
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. • https://advisory.splunk.com/advisories/SVD-2023-0612 https://research.splunk.com/application/bbe26f95-1655-471d-8abd-3d32fafa86f8 • CWE-285: Improper Authorization •
CVE-2023-32706 – Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
https://notcve.org/view.php?id=CVE-2023-32706
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. • https://advisory.splunk.com/advisories/SVD-2023-0601 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2023-32708 – HTTP Response Splitting via the ‘rest’ SPL Command
https://notcve.org/view.php?id=CVE-2023-32708
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily. • https://advisory.splunk.com/advisories/SVD-2023-0603 https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •