Splunk Cloud vulnerabilities

CVE-2024-23675 [MEDIUM] CWE-284 CVE-2024-23675: In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperl In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.

CVE-2024-23677 [MEDIUM] CWE-532 CVE-2024-23677: In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses f In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.

CVE-2024-23676 [LOW] CWE-20 CVE-2024-23676: In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.

CVE-2023-46214 [HIGH] CWE-91 CVE-2023-46214: In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize exte In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.

CVE-2023-46213 [MEDIUM] CWE-79 CVE-2023-46213: In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highli In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.

CVE-2023-40597 [HIGH] CWE-36 CVE-2023-40597: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolu In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CVE-2023-40594 [HIGH] CWE-400 CVE-2023-40594: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

CVE-2023-40595 [HIGH] CWE-502 CVE-2023-40595: In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a special In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

CVE-2023-40598 [HIGH] CWE-77 CVE-2023-40598: In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external loo In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.

CVE-2023-40593 [HIGH] CWE-400 CVE-2023-40593: In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed se In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

CVE-2023-40592 [MEDIUM] CWE-79 CVE-2023-40592: In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web re In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.