CVE-2023-22942 – Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22942
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request. • https://advisory.splunk.com/advisories/SVD-2023-0212 https://research.splunk.com/application/4742d5f7-ce00-45ce-9c79-5e98b43b4410 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-22932 – Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22932
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0. • https://advisory.splunk.com/advisories/SVD-2023-0202 https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-22936 – Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22936
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. • https://advisory.splunk.com/advisories/SVD-2023-0206 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-22941 – Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
https://notcve.org/view.php?id=CVE-2023-22941
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd). • https://github.com/eduardosantos1989/CVE-2023-22941 https://advisory.splunk.com/advisories/SVD-2023-0211 https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14 • CWE-248: Uncaught Exception •
CVE-2023-22935 – SPL Command Safeguards Bypass via the ‘display.page.search.patterns.sensitivity’ Search Parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2023-22935
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. • https://advisory.splunk.com/advisories/SVD-2023-0205 https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •