In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-27033 In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published:

Updated: 2025-02-28T11:03:46.340Z

Reserved: 2023-01-10T21:39:55.583Z

Link: CVE-2023-22931

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-14T18:15:12.063

Modified: 2024-11-21T07:45:39.900

Link: CVE-2023-22931

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.