SB2023060727 - Multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform
Published: June 7, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2023-22935)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the SPL Command Safeguards Bypass within the "display.page.search.patterns.sensitivity" Search parameter. A remote attacker can cause a search bypass SPL safeguards for risky commands.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2023-22936)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in the "search_listener" search parameter. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
3) Input validation error (CVE-ID: CVE-2023-22939)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the SPL Command Safeguards Bypass within the "map" SPL command. A remote attacker can cause a search bypass SPL safeguards for risky commands.
4) Input validation error (CVE-ID: CVE-2023-22934)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the SPL Command Safeguards bypass within the "pivot" SPL command. A remote user can cause a search bypass SPL safeguards for risky commands using a saved search job.
Remediation
Install update from vendor's website.