CVE-2023-22932 - Vulnerability Details - OpenCVE

Description

In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.

Published: 2023-02-14

Score: 8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Splunk

Splunk Enterprise

affected

Version	Status	Constraints
`9.0`	affected	< 9.0.4

Splunk

Splunk Cloud Platform

affected

Version	Status	Constraints
`-`	affected	< 9.0.2209.3

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-27034	In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00639.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2023-0202
https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/

History

No history.

Subscriptions

Splunk Splunk Splunk Cloud Platform

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-02-14T17:22:38.739Z

Updated: 2025-02-28T11:03:57.639Z

Reserved: 2023-01-10T21:39:55.583Z

Link: CVE-2023-22932

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-14T18:15:12.143

Modified: 2024-11-21T07:45:40.030

Link: CVE-2023-22932

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22932", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-01-10T21:39:55.583Z", "datePublished": "2023-02-14T17:22:38.739Z", "dateUpdated": "2025-02-28T11:03:57.639Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.4"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2209.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0."}], "value": "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0202"}, {"url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/"}], "title": "Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise", "datePublic": "2023-02-14T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1", "baseScore": 8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.", "cweId": "CWE-79"}]}], "source": {"advisory": "SVD-2023-0202"}, "credits": [{"lang": "en", "value": "Tim Coen (foobar7)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:57.639Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.421Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0202", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", "versionEndExcluding": "9.0.4", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF379C7-8910-4C30-882A-4CE9F9C9992C", "versionEndExcluding": "9.0.2209.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0."}], "id": "CVE-2023-22932", "lastModified": "2024-11-21T07:45:40.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-14T18:15:12.143", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0202"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0202"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}