All the vulnerabilites related to Splunk - Splunk Cloud
cve-2023-40594
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Denial of Service (DoS) via the ‘printf’ Search Function
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:06:09.286043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:41:36.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2303.100",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance."
}
],
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:48.199Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0803"
},
{
"url": "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/"
}
],
"source": {
"advisory": "SVD-2023-0803"
},
"title": "Denial of Service (DoS) via the \u2018printf\u2019 Search Function"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40594",
"datePublished": "2023-08-30T16:19:40.677Z",
"dateReserved": "2023-08-16T22:07:52.838Z",
"dateUpdated": "2024-10-30T15:06:48.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23676
Vulnerability from cvelistv5
Published
2024-01-22 20:37
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2024-0106"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.8",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.3",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.1.2308.200",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anton (therceman)"
}
],
"datePublic": "2024-01-22T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
}
],
"value": "In Splunk versions below 9.0.8 and 9.1.3, the \u201cmrollup\u201d SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:50.596Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0106"
},
{
"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
}
],
"source": {
"advisory": "SVD-2024-0106"
},
"title": "Sensitive Information Disclosure of Index Metrics through \u201cmrollup\u201d SPL Command"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2024-23676",
"datePublished": "2024-01-22T20:37:42.546Z",
"dateReserved": "2024-01-19T16:28:17.341Z",
"dateUpdated": "2024-10-30T15:06:50.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40592
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:05
Severity ?
EPSS score ?
Summary
Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:51.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2305.200",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the \u201c/app/search/table\u201d web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance."
}
],
"value": "In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the \u201c/app/search/table\u201d web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:05:44.025Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0801"
},
{
"url": "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/"
}
],
"source": {
"advisory": "SVD-2023-0801"
},
"title": "Reflected Cross-site Scripting (XSS) on \"/app/search/table\" web endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40592",
"datePublished": "2023-08-30T16:19:38.525Z",
"dateReserved": "2023-08-16T22:07:52.837Z",
"dateUpdated": "2024-10-30T15:05:44.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46213
Vulnerability from cvelistv5
Published
2023-11-16 20:15
Modified
2024-10-30 15:05
Severity ?
EPSS score ?
Summary
Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "splunk",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.0.7",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "9.1.2",
"status": "affected",
"version": "9.1",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:splunk:splunk_cloud_platform:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "splunk_cloud_platform",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.1.2308",
"status": "affected",
"version": "-",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T19:29:45.410405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:11.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-1103"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.7",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.2",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.1.2308",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joshua Neubecker"
}
],
"datePublic": "2023-11-16T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the \u201cShow syntax Highlighted\u201d feature can result in the execution of unauthorized code in a user\u2019s web browser."
}
],
"value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the \u201cShow syntax Highlighted\u201d feature can result in the execution of unauthorized code in a user\u2019s web browser."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:05:30.588Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-1103"
},
{
"url": "https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/"
}
],
"source": {
"advisory": "SVD-2023-1103"
},
"title": "Cross-site Scripting (XSS) on \u201cShow Syntax Highlighted\u201d View in Search Page"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-46213",
"datePublished": "2023-11-16T20:15:46.739Z",
"dateReserved": "2023-10-18T17:02:51.235Z",
"dateUpdated": "2024-10-30T15:05:30.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40598
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Command Injection in Splunk Enterprise Using External Lookups
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2305.200",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance."
}
],
"value": "In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:53.104Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0807"
},
{
"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/"
}
],
"source": {
"advisory": "SVD-2023-0807"
},
"title": "Command Injection in Splunk Enterprise Using External Lookups"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40598",
"datePublished": "2023-08-30T16:19:28.135Z",
"dateReserved": "2023-08-16T22:07:52.838Z",
"dateUpdated": "2024-10-30T15:06:53.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23675
Vulnerability from cvelistv5
Published
2024-01-22 20:37
Modified
2024-10-30 15:05
Severity ?
EPSS score ?
Summary
Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2024-0105"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-23T18:20:30.290043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T10:41:48.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.8",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.3",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.1.2312.100",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julian Kaufmann"
}
],
"datePublic": "2024-01-22T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."
}
],
"value": "In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:05:33.153Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0105"
},
{
"url": "https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/"
}
],
"source": {
"advisory": "SVD-2024-0105"
},
"title": "Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2024-23675",
"datePublished": "2024-01-22T20:37:23.117Z",
"dateReserved": "2024-01-19T16:28:17.340Z",
"dateUpdated": "2024-10-30T15:05:33.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46214
Vulnerability from cvelistv5
Published
2023-11-16 20:15
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-1104"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "splunk_enterprise",
"vendor": "splunk",
"versions": [
{
"lessThan": "9.1.2",
"status": "affected",
"version": "9.1",
"versionType": "custom"
},
{
"lessThan": "9.0.7",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46214",
"options": [
{
"Exploitation": "PoC"
},
{
"Automatable": "No"
},
{
"Technical Impact": "Total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-21T05:00:57.261536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:27:06.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.7",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.2",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.1.2308",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Hordijk"
}
],
"datePublic": "2023-11-16T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance."
}
],
"value": "In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:54.312Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-1104"
},
{
"url": "https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/"
},
{
"url": "https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/"
}
],
"source": {
"advisory": "SVD-2023-1104"
},
"title": "Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-46214",
"datePublished": "2023-11-16T20:15:25.838Z",
"dateReserved": "2023-10-18T17:02:51.236Z",
"dateUpdated": "2024-10-30T15:06:54.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23677
Vulnerability from cvelistv5
Published
2024-01-22 20:37
Modified
2024-11-13 16:49
Severity ?
EPSS score ?
Summary
Server Response Disclosure in RapidDiag Salesforce.com Log File
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2024-0107"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-26T17:28:10.472556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T16:49:02.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.8",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2208",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vikram Ashtaputre, Splunk"
}
],
"datePublic": "2024-01-22T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file."
}
],
"value": "In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:44.509Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0107"
}
],
"source": {
"advisory": "SVD-2024-0107"
},
"title": "Server Response Disclosure in RapidDiag Salesforce.com Log File"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2024-23677",
"datePublished": "2024-01-22T20:37:41.993Z",
"dateReserved": "2024-01-19T16:28:17.341Z",
"dateUpdated": "2024-11-13T16:49:02.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40595
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:05
Severity ?
EPSS score ?
Summary
Remote Code Execution via Serialized Session Payload
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2305.200",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code."
}
],
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:05:35.534Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0804"
},
{
"url": "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/"
}
],
"source": {
"advisory": "SVD-2023-0804"
},
"title": "Remote Code Execution via Serialized Session Payload"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40595",
"datePublished": "2023-08-30T16:19:29.761Z",
"dateReserved": "2023-08-16T22:07:52.838Z",
"dateUpdated": "2024-10-30T15:05:35.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40597
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThan": "9.1.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2305.200",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Danylo Dmytriiev (DDV_UA)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk."
}
],
"value": "In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as /abs/path that can resolve to a location that is outside of that directory.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:34.711Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0806"
},
{
"url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/"
}
],
"source": {
"advisory": "SVD-2023-0806"
},
"title": "Absolute Path Traversal in Splunk Enterprise Using runshellscript.py"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40597",
"datePublished": "2023-08-30T16:19:44.220Z",
"dateReserved": "2023-08-16T22:07:52.838Z",
"dateUpdated": "2024-10-30T15:06:34.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40593
Vulnerability from cvelistv5
Published
2023-08-30 16:19
Modified
2024-10-30 15:06
Severity ?
EPSS score ?
Summary
Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Splunk Cloud |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:38:50.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.12",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "9.0.6",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"product": "Splunk Cloud",
"vendor": "Splunk",
"versions": [
{
"lessThan": "9.0.2205",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Aaron Devaney (Dodekeract)"
}
],
"datePublic": "2023-08-30T00:00:00.000000",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon."
}
],
"value": "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:06:39.574Z",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
},
{
"url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/"
}
],
"source": {
"advisory": "SVD-2023-0802"
},
"title": "Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request"
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2023-40593",
"datePublished": "2023-08-30T16:19:41.308Z",
"dateReserved": "2023-08-16T22:07:52.838Z",
"dateUpdated": "2024-10-30T15:06:39.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}