In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-0210 | Vendor Advisory |
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Dec 2023, 01:28
Type | Values Removed | Values Added |
---|---|---|
References | () https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/ - Vendor Advisory |
25 Oct 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. |
23 Feb 2023, 15:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Splunk splunk
Splunk splunk Cloud Platform Splunk |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.7 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* |
|
References | (MISC) https://advisory.splunk.com/advisories/SVD-2023-0210 - Vendor Advisory | |
References | (MISC) https://research.splunk.com/endpoint/ee69374a-d27e-4136-adac-956a96ff60fd - Broken Link |
14 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-14 18:15
Updated : 2024-04-10 01:15
NVD link : CVE-2023-22940
Mitre link : CVE-2023-22940
CVE.ORG link : CVE-2023-22940
JSON object : View
Products Affected
splunk
- splunk_cloud_platform
- splunk
CWE