CVE-2023-22936
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | 8.1 < 8.1.13 | affected |
| Splunk | Splunk Enterprise | 8.2 < 8.2.10 | affected |
| Splunk | Splunk Enterprise | 9.0 < 9.0.4 | affected |
| Splunk | Splunk Cloud Platform | - < 9.0.2209.3 | affected |
Weaknesses
- CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
ADP Enrichment
CVE Program Container
Additional References
- https://advisory.splunk.com/advisories/SVD-2023-0206
- https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd
References
- https://advisory.splunk.com/advisories/SVD-2023-0206
- https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.