Lucene search

SplunkCVELIST:CVE-2023-32714

HistoryJun 01, 2023 - 4:34 p.m.

CVE-2023-32714 Path Traversal in Splunk App for Lookup File Editing

2023-06-0116:34:29

Splunk

www.cve.org

cve-2023-32714

splunk

lookup file editing

path traversal

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.

CNA Affected

[
  {
    "product": "Splunk App for Lookup File Editing",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "4.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "4.0.1"
      }
    ]
  }
]

References

advisory.splunk.com/advisories/SVD-2023-0608

research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for CVELIST:CVE-2023-32714