CVE-2023-22940

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4

Description The issue concerns aliases of the collect search processing language (SPL) command, including summaryindex, sumindex, stash, mcollect, and meventcollect, which were not designated as safeguarded commands. This could potentially allow for the exposing of data to a summary index that unprivileged users could access. The issue requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

Recommendations For versions prior to 8.1.13, update to version 8.1.13 or later. For versions prior to 8.2.10, update to version 8.2.10 or later. For versions prior to 9.0.4, update to version 9.0.4 or later.