CVE-2023-22931

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2023-0201	Vendor Advisory
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk_cloud_platform::::::::
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*

Information

Published : 2023-02-14 10:15

Updated : 2023-02-23 06:28

NVD link : CVE-2023-22931

Mitre link : CVE-2023-22931

JSON object : View

CWE

CWE-276

Incorrect Default Permissions

Products Affected

splunk

splunk_cloud_platform
splunk

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0201", "name": "https://advisory.splunk.com/advisories/SVD-2023-0201", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", "name": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018createrss\u2019 external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-276"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-22931", "ASSIGNER": "prodsec@splunk.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2023-02-14T18:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.2203"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.10", "versionStartIncluding": "8.2.0"}, {"cpe23Uri": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-23T14:28Z"}

4.3 /10