CVE-2023-32714

Name of the Vulnerable Software and Affected Versions Splunk App for Lookup File Editing versions prior to 4.0.1 Splunk Enterprise (affected versions not specified)

Description The issue is related to incorrect restriction of a directory path name with limited access. Exploitation may allow a remote attacker to read and write arbitrary files in the system using a specially crafted HTTP request. A low-privileged user can trigger a path traversal exploit with a specially crafted web request to read and write to restricted areas of the Splunk installation directory.

Recommendations For Splunk App for Lookup File Editing versions prior to 4.0.1, update to version 4.0.1 or later to resolve the issue. For Splunk Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.