Splunk advisory

Splunk, a leading provider of data analytics and security solutions, recently published security advisories addressing certain Splunk Enterprise and Splunk cloud vulnerabilities. The significance of being watchful and proactive when it comes to cybersecurity is highlighted by these advisories.

The advisories specifically point out one low and 6 medium severity vulnerabilities, 7 high and one critical severity vulnerability involving Splunk Enterprise, Splunk cloud, Splunk universal Forwarders and Splunk Add on Apps,  which is frequently set up in an organization's infrastructure. By exploiting these flaws, an attacker may be able to run arbitrary code or acquire private data, such as login credentials or system configuration information.

Organizations who have Splunk Enterprise, Splunk Cloud and Splunk Web configured in their environment are strongly urged to update to version 9.0.5 of Splunk Enterprise  and 9.0.2303.100 of Splunk cloud to fix these issues. This release provides a patch that focuses on third party updates in Splunk Universal Forwarders, Splunk Enterprise, Splunk Cloud and Splunk Web-related vulnerabilities. 

Splunk has released their quarterly updates on security advisories, there are

  • 1 high severity vulnerability to Splunk enterprise
  • 1 critical severity vulnerability to Splunk Universal forwarders.
  • 1 high severity vulnerability to Splunk cloud.
  • 3 'high', 5 'medium', 1 'low', severity vulnerability specific to Splunk Web.

Below is the list of vulnerabilities related to Splunk cloud, Splunk web and Splunk enterprise published by Splunk.

SVD 2023 CVE Description Component Affected Version Fixed Version Action to be Taken Severity
0614 Multiple June Third Party Package Updates in Splunk Universal Forwarders Splunk Universal Forwarders

Splunk Universal forwarders:
8.1.13 and Lower,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Universal Forwarders:
8.1.14,
8.2.11,
9.0.5

Upgrade Splunk Universal forwarders:
8.1.14,
8.2.11,
9.0.5

Critical
0613 Multiple June Third Party Package Updates in Splunk Enterprise Splunk Enterprise

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher High
0615 Multiple June Third Party Package Updates in Splunk Cloud Splunk Cloud

Splunk Cloud:
9.0.2303 and below

Splunk Cloud:
9.0.2303.100

Upgrade Splunk Cloud to 9.0.2303.100 version  High
0601 2023-32706 Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication

Splunk Web

(HF,IDX,SH)

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher

High

0602 2023-32707 ‘edit_user’ Capability Privilege Escalation
0603 2023-32708 HTTP Response Splitting via the ‘rest’ SPL Command

Splunk Cloud:
9.0.2303 and below

Splunk Cloud:
9.0.2303.100

Upgrade Splunk Cloud to 9.0.2303.100 version
0607 2023-32713 Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream

Streamfwd

Splunk App for stream:
8.1 and lower

Splunk App for Stream: 8.1.1

Upgrade Splunk App for stream to 8.1.1

High

0608 2023-32714 Path Traversal in Splunk App for Lookup File Editing

Splunk App for Lookup Editing

Splunk App for Lookup Editing version 4.0 and lower

Splunk App for Lookup Editing version 4.0.1

Upgrade Splunk App for lookup editing to 4.0.1

High

0604 2023-32709 Low-privileged User can View Hashed Default Splunk Password

Splunk Web

(HF,IDX,SH)

 

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,|
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher

Medium

Splunk Cloud:
9.0.2303 and below

Splunk Cloud: 
9.0.2303.100

Upgrade Splunk Cloud to 9.0.2303.100 version
0605 2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

Splunk Web

(HF,IDX,SH)

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher

Medium

0609 2023-32710 Information Disclosure via the ‘copyresults’ SPL Command

Splunk Web

(HF,IDX,SH)

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher

Splunk Cloud: 
9.0.2303 and below

Splunk Cloud:
9.0.2303.100

Upgrade Splunk Cloud to 9.0.2303.100 version
0610 2023-32715 Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing

Splunk App for Lookup Editing

Splunk App for Lookup Editing version 4.0 and lower

Splunk App for Lookup Editing version 4.0.1

Upgrade Splunk App for lookup editing to 4.0.1

Medium

0611 2023-32716 Denial of Service via the 'dump' SPL command

Splunk Web

(HF,IDX,SH)

Splunk Enterprise:
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise:
8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher
0612 2023-32717 Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results

Splunk Cloud:
9.0.2303 and below

Splunk Cloud: 9.0.2303.100

Upgrade Splunk Cloud to 9.0.2303.100 version
0606 2023-32712 Unauthenticated Log Injection on '/var/log/splunk/web_service.log' Log File

Splunk Web (HF,IDX,SH)

Splunk Enterprise: 
8.1.0 to 8.1.13,
8.2.0 to 8.2.10,
9.0.0 to 9.0.4

Splunk Enterprise: 

8.1.14,
8.2.11,
9.0.5

Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher

Low

 

This author is a tech writer in Positka writing amazing blogs on latest smart security tech.

Get in touch

Send us a Message

Looking for general information or have a specific question. Fill the form below or drop
us a line at susan@positka.com.

Enquiry Now