Lucene search

[email protected]NVD:CVE-2023-22940

HistoryFeb 14, 2023 - 6:15 p.m.

CVE-2023-22940

2023-02-1418:15:12

CWE-20

[email protected]

web.nvd.nist.gov

splunk enterprise

collect aliases

vulnerability

summary index

unprivileged users

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.8%

JSON

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.

Affected configurations

NVD

Node

splunksplunkRange8.1.0–8.1.13enterprise

splunksplunkRange8.2.0–8.2.10enterprise

splunksplunkRange9.0.0–9.0.4enterprise

splunksplunk_cloud_platformRange<9.0.2209.3

References

advisory.splunk.com/advisories/SVD-2023-0210

research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.8%

JSON

Related for NVD:CVE-2023-22940

cvelist1 prion1 nessus1 cve1