In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-0608 | Vendor Advisory |
https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Jun 2023, 14:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* cpe:2.3:a:splunk:splunk_app_for_lookup_file_editing:*:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk splunk App For Lookup File Editing Splunk splunk |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CWE | CWE-22 | |
References | (MISC) https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/ - Vendor Advisory | |
References | (MISC) https://advisory.splunk.com/advisories/SVD-2023-0608 - Vendor Advisory |
01 Jun 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-01 17:15
Updated : 2024-04-10 01:15
NVD link : CVE-2023-32714
Mitre link : CVE-2023-32714
CVE.ORG link : CVE-2023-32714
JSON object : View
Products Affected
splunk
- splunk
- splunk_app_for_lookup_file_editing