CVE-2023-22937

{"id": "CVE-2023-22937", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-02-14T18:15:12.540", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0207", "tags": ["Mitigation", "Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://advisory.splunk.com/advisories/SVD-2023-0207", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl."}], "lastModified": "2024-11-21T07:45:40.697", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "24C628AD-CF89-4FD5-B58F-38D150D2F535", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", "versionEndExcluding": "8.2.10", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", "versionEndExcluding": "9.0.4", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF379C7-8910-4C30-882A-4CE9F9C9992C", "versionEndExcluding": "9.0.2209.3"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}