PT-2023-23976 · Splunk · Splunk Enterprise+1
Danylo Dmytriiev
+1
·
Published
2023-06-01
·
Updated
2024-04-10
·
CVE-2023-32708
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 9.0.5
Splunk Enterprise versions prior to 8.2.11
Splunk Enterprise versions prior to 8.1.14
Splunk Cloud Platform versions prior to 9.0.2303.100
Description
A low-privileged user can trigger an HTTP response splitting issue with the
rest SPL command, potentially allowing them to access other REST endpoints in the system arbitrarily.Recommendations
For Splunk Enterprise versions prior to 9.0.5, update to version 9.0.5 or later.
For Splunk Enterprise versions prior to 8.2.11, update to version 8.2.11 or later.
For Splunk Enterprise versions prior to 8.1.14, update to version 8.1.14 or later.
For Splunk Cloud Platform versions prior to 9.0.2303.100, update to version 9.0.2303.100 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise