THREATINT
PUBLISHED

CVE-2023-32717

Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results



Description

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the '/services/indexing/preview' REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

Reserved 2023-05-11 | Published 2023-06-01 | Updated 2025-02-28 | Assigner Splunk


MEDIUM: 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Product status

8.1 before 8.1.14: affected

8.2 before 8.2.11: affected

9.0 before 9.0.5: affected

- before 9.0.2303.100: affected

Credits

Scott Calvert, Splunk

References

advisory.splunk.com/advisories/SVD-2023-0612

research.splunk.com/...bbe26f95-1655-471d-8abd-3d32fafa86f8/

cve.org (CVE-2023-32717)

nvd.nist.gov (CVE-2023-32717)
