In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
Advisories
Source ID Title
EUVD EUVD EUVD-2023-27041 In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 27 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 15 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled.

cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published:

Updated: 2025-02-28T11:03:47.779Z

Reserved: 2023-01-10T21:39:55.584Z

Link: CVE-2023-22939

cve-icon Vulnrichment

Updated: 2024-08-02T10:20:31.457Z

cve-icon NVD

Status : Modified

Published: 2023-02-14T18:15:12.687

Modified: 2024-11-21T07:45:40.980

Link: CVE-2023-22939

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.