CVE-2023-22931

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2023-0201	Vendor Advisory
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/	Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2023-0201	Vendor Advisory
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

21 Nov 2024, 07:45

Type	Values Removed	Values Added
References	~~() https://advisory.splunk.com/advisories/SVD-2023-0201 - Vendor Advisory~~	() https://advisory.splunk.com/advisories/SVD-2023-0201 - Vendor Advisory
References	~~() https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/ - Vendor Advisory~~	() https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/ - Vendor Advisory

Information

Published : 2023-02-14 18:15

Updated : 2024-11-21 07:45

NVD link : CVE-2023-22931

Mitre link : CVE-2023-22931

CVE.ORG link : CVE-2023-22931

JSON object : View

Products Affected

splunk

splunk_cloud_platform
splunk

CWE

CWE-285

Improper Authorization

CWE-276

Incorrect Default Permissions

{"id": "CVE-2023-22931", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-02-14T18:15:12.063", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0201", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://advisory.splunk.com/advisories/SVD-2023-0201", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-285"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018createrss\u2019 external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default."}], "lastModified": "2024-11-21T07:45:39.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "24C628AD-CF89-4FD5-B58F-38D150D2F535", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", "versionEndExcluding": "8.2.10", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E", "versionEndExcluding": "8.2.2203"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}