Splunk, a leading provider of data analytics and security solutions, recently published security advisories addressing certain Splunk Enterprise and Splunk cloud vulnerabilities. The significance of being watchful and proactive when it comes to cybersecurity is highlighted by these advisories.
The advisories specifically point out one low and 6 medium severity vulnerabilities, 7 high and one critical severity vulnerability involving Splunk Enterprise, Splunk cloud, Splunk universal Forwarders and Splunk Add on Apps, which is frequently set up in an organization's infrastructure. By exploiting these flaws, an attacker may be able to run arbitrary code or acquire private data, such as login credentials or system configuration information.
Organizations who have Splunk Enterprise, Splunk Cloud and Splunk Web configured in their environment are strongly urged to update to version 9.0.5 of Splunk Enterprise and 9.0.2303.100 of Splunk cloud to fix these issues. This release provides a patch that focuses on third party updates in Splunk Universal Forwarders, Splunk Enterprise, Splunk Cloud and Splunk Web-related vulnerabilities.
Splunk has released their quarterly updates on security advisories, there are
- 1 high severity vulnerability to Splunk enterprise
- 1 critical severity vulnerability to Splunk Universal forwarders.
- 1 high severity vulnerability to Splunk cloud.
- 3 'high', 5 'medium', 1 'low', severity vulnerability specific to Splunk Web.
Below is the list of vulnerabilities related to Splunk cloud, Splunk web and Splunk enterprise published by Splunk.
| SVD 2023 | CVE | Description | Component | Affected Version | Fixed Version | Action to be Taken | Severity |
| 0614 | Multiple | June Third Party Package Updates in Splunk Universal Forwarders | Splunk Universal Forwarders |
Splunk Universal forwarders: |
Splunk Universal Forwarders: |
Upgrade Splunk Universal forwarders: |
Critical |
| 0613 | Multiple | June Third Party Package Updates in Splunk Enterprise | Splunk Enterprise |
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher | High |
| 0615 | Multiple | June Third Party Package Updates in Splunk Cloud | Splunk Cloud |
Splunk Cloud: |
Splunk Cloud: |
Upgrade Splunk Cloud to 9.0.2303.100 version | High |
| 0601 | 2023-32706 | Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication |
Splunk Web (HF,IDX,SH) |
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher |
High |
| 0602 | 2023-32707 | ‘edit_user’ Capability Privilege Escalation | |||||
| 0603 | 2023-32708 | HTTP Response Splitting via the ‘rest’ SPL Command |
Splunk Cloud: |
Splunk Cloud: |
Upgrade Splunk Cloud to 9.0.2303.100 version | ||
| 0607 | 2023-32713 | Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream |
Streamfwd |
Splunk App for stream: |
Splunk App for Stream: 8.1.1 |
Upgrade Splunk App for stream to 8.1.1 |
High |
| 0608 | 2023-32714 | Path Traversal in Splunk App for Lookup File Editing |
Splunk App for Lookup Editing |
Splunk App for Lookup Editing version 4.0 and lower |
Splunk App for Lookup Editing version 4.0.1 |
Upgrade Splunk App for lookup editing to 4.0.1 |
High |
| 0604 | 2023-32709 | Low-privileged User can View Hashed Default Splunk Password |
Splunk Web (HF,IDX,SH)
|
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher |
Medium |
|
Splunk Cloud: |
Splunk Cloud: |
Upgrade Splunk Cloud to 9.0.2303.100 version | |||||
| 0605 | 2023-32711 | Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View |
Splunk Web (HF,IDX,SH) |
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher |
Medium |
| 0609 | 2023-32710 | Information Disclosure via the ‘copyresults’ SPL Command |
Splunk Web (HF,IDX,SH) |
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher | |
|
Splunk Cloud: |
Splunk Cloud: |
Upgrade Splunk Cloud to 9.0.2303.100 version | |||||
| 0610 | 2023-32715 | Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing |
Splunk App for Lookup Editing |
Splunk App for Lookup Editing version 4.0 and lower |
Splunk App for Lookup Editing version 4.0.1 |
Upgrade Splunk App for lookup editing to 4.0.1 |
Medium |
| 0611 | 2023-32716 | Denial of Service via the 'dump' SPL command |
Splunk Web (HF,IDX,SH) |
Splunk Enterprise: |
Splunk Enterprise: |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher | |
| 0612 | 2023-32717 | Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results |
Splunk Cloud: |
Splunk Cloud: 9.0.2303.100 |
Upgrade Splunk Cloud to 9.0.2303.100 version | ||
| 0606 | 2023-32712 | Unauthenticated Log Injection on '/var/log/splunk/web_service.log' Log File |
Splunk Web (HF,IDX,SH) |
Splunk Enterprise: |
Splunk Enterprise: 8.1.14, |
Upgrade to Splunk Enterprise 8.1.14, 8.2.11, 9.0.5 or higher |
Low |
