CVE-2023-32717 | THREATINT

Description

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

PUBLISHED Reserved 2023-05-11 | Published 2023-06-01 | Updated 2025-02-28 | Assigner Splunk

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Product status

8.1 (custom) before 8.1.14

affected

8.2 (custom) before 8.2.11

affected

9.0 (custom) before 9.0.5

affected

- (custom) before 9.0.2303.100

affected

Credits

Scott Calvert, Splunk

References

advisory.splunk.com/advisories/SVD-2023-0612

research.splunk.com/...bbe26f95-1655-471d-8abd-3d32fafa86f8/

advisory.splunk.com/advisories/SVD-2023-0612

research.splunk.com/...bbe26f95-1655-471d-8abd-3d32fafa86f8/

cve.org (CVE-2023-32717)

nvd.nist.gov (CVE-2023-32717)

Download JSON

help @ threatint.eu