Improper Authorization in Splunk Enterprise and Splunk Cloud Platform
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-22931 |
| CWE-ID | CWE-285 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Splunk Enterprise Server applications / IDS/IPS systems, Firewalls and proxy servers Splunk Cloud Platform Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Splunk Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authorization
EUVDB-ID: #VU77062
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22931
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass the authorization mechanisms.
The vulnerability exists due to a the "createrss" external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. A remote user can bypass access restrictions on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSplunk Enterprise: 8.1.0 - 8.2.9
Splunk Cloud Platform: 8.2.2202
External linkshttp://advisory.splunk.com/advisories/SVD-2023-0201
http://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
