CVE-2023-22931

Published Feb 14, 2023

Last updated 7 months ago

Overview

Description: In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.
Source: prodsec@splunk.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-276
prodsec@splunk.com: CWE-285

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24C628AD-CF89-4FD5-B58F-38D150D2F535",
            "versionEndExcluding": "8.1.13",
            "versionStartIncluding": "8.1.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B2A60A4-55C6-4C11-B86D-452CC43D85FF",
            "versionEndExcluding": "8.2.10",
            "versionStartIncluding": "8.2.0"
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B97CD36E-7ABF-4A2C-B844-D6C5CBBE673E",
            "versionEndExcluding": "8.2.2203"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References