PT-2023-6956 · Splunk · Splunk Enterprise
Alex Hordijk
·
Published
2023-11-16
·
Updated
2024-04-10
·
CVE-2023-46214
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions below 9.0.7 and 9.1.2
Description
The issue is related to the improper sanitization of extensible stylesheet language transformations (XSLT) supplied by users in Splunk Enterprise. This allows an attacker to upload malicious XSLT, potentially resulting in remote code execution on the Splunk Enterprise instance. There are over 120,000 publicly exposed Splunk instances, making them vulnerable to this issue.
Recommendations
For Splunk Enterprise versions below 9.0.7, update to version 9.0.7 or later.
For Splunk Enterprise versions below 9.1.2, update to version 9.1.2 or later.
As a temporary workaround, consider restricting access to the XSLT functionality until a patch is applied.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Enterprise