CVE-2023-22940Improper Input Validation in Cloud Platform

CWE-20Improper Input Validation3 documents3 sources
Severity
5.7MEDIUMNVD
CNA6.3
EPSS
0.3%
top 43.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedFeb 14
Latest updateJul 6

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances wit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages4 packages

CVEListV5splunk/splunk_enterprise8.18.1.13+2
NVDsplunk/splunk8.1.08.1.13+2
CVEListV5splunk/splunk_cloud_platform-9.0.2212

🔴Vulnerability Details

2
GHSA
GHSA-h6fv-f2m3-r3mm: In Splunk Enterprise versions below 82023-07-06
CVEList
SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise2023-02-14
CVE-2023-22940 — Improper Input Validation in Splunk | cvebase