cbcvebase.
CVE-2023-32714
published 2023-06-01

CVE-2023-32714: In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal…

PriorityP265high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
42.82%
98.5th percentile
In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.

Affected

5 ranges
VendorProductVersion rangeFixed in
splunksplunk>= 8.1.0 < 8.1.148.1.14
splunksplunk>= 8.2.0 < 8.2.118.2.11
splunksplunk>= 9.0.0 < 9.0.59.0.5
splunksplunk_app_for_lookup_file_editing< 4.0.14.0.1
splunksplunk_app_for_lookup_file_editing>= 4.0 < 4.0.14.0.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.