CVE-2023-32708
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Splunk | Splunk Enterprise | 8.1 < 8.1.14 | affected |
| Splunk | Splunk Enterprise | 8.2 < 8.2.11 | affected |
| Splunk | Splunk Enterprise | 9.0 < 9.0.5 | affected |
| Splunk | Splunk Cloud Platform | - < 9.0.2303.100 | affected |
Weaknesses
- CWE-113: The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
ADP Enrichment
CVE Program Container
Additional References
- https://advisory.splunk.com/advisories/SVD-2023-0603
- https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/
References
- https://advisory.splunk.com/advisories/SVD-2023-0603
- https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.