CVE-2023-22937 — Improper Input Validation in Cloud Platform

CWE-20 — Improper Input Validation CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 44.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Splunk Cloud Platform Splunk Enterprise Splunk

Timeline

PublishedFeb 14

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5splunk/splunk_enterprise8.1 — 8.1.13+2

▶NVDsplunk/splunk8.1.0 — 8.1.13+2

▶CVEListV5splunk/splunk_cloud_platform- — 9.0.2209.3

▶NVDsplunk/splunk_cloud_platform< 9.0.2209.3

🔴Vulnerability Details

GHSA

GHSA-gw5r-2prc-4jj5: In Splunk Enterprise versions below 8↗2023-02-14

▶

CVEList

Unnecessary File Extensions Allowed by Lookup Table Uploads in Splunk Enterprise↗2023-02-14

▶