Lucene search

PRIOn knowledge basePRION:CVE-2023-40595

HistoryAug 30, 2023 - 5:15 p.m.

Code injection

2023-08-3017:15:00

PRIOn knowledge base

www.prio-n.com

splunk

enterprise

version

8.2.12

9.0.6

9.1.1

attack

execute

query

serialize

untrusted data

arbitrary code

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

JSON

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. The attacker can use the query to execute arbitrary code.

CPENameOperatorVersion
splunkeq9.1.0
splunkge8.2.0
splunklt8.2.12
splunkge9.0.0
splunklt9.0.6
splunk_cloud_platformle9.0.2305.100

Name	Operator	Version
splunk	eq	9.1.0
splunk	ge	8.2.0
splunk	lt	8.2.12
splunk	ge	9.0.0
splunk	lt	9.0.6
splunk_cloud_platform	le	9.0.2305.100

References

advisory.splunk.com/advisories/SVD-2023-0804

research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/