ghsa-7g93-5vcp-frv5
Vulnerability from github
Published
2023-07-06 19:24
Modified
2024-04-04 05:33
Severity
Details
In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
{ "affected": [], "aliases": [ "CVE-2023-22931" ], "database_specific": { "cwe_ids": [ "CWE-276", "CWE-285" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2023-02-14T18:15:00Z", "severity": "MODERATE" }, "details": "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018createrss\u2019 external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.", "id": "GHSA-7g93-5vcp-frv5", "modified": "2024-04-04T05:33:03Z", "published": "2023-07-06T19:24:09Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22931" }, { "type": "WEB", "url": "https://advisory.splunk.com/advisories/SVD-2023-0201" }, { "type": "WEB", "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "type": "CVSS_V3" } ] }
Loading...