Splunk on Tuesday announced Splunk Enterprise updates that resolve multiple high-severity vulnerabilities, including security defects impacting third-party packages used by the product.
The most severe vulnerabilities are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could lead to the bypass of search processing language (SPL) safeguards for risky commands. Both flaws affect instances with Splunk Web enabled and require a high-privileged user to make a request in their browser.
CVE-2023-22934, another SPL safeguards bypass in Splunk Enterprise, requires an authenticated user to craft a saved job before a request is made in the browser.
Splunk also released patches for two high-severity cross-site scripting (XSS) vulnerabilities (CVE-2023-22932 and CVE-2023-22933) and has released additional resources to hunt for signs of malicious exploitation.
Patches were also released for multiple medium-severity vulnerabilities in Splunk Enterprise, some of which could lead to information disclosure, the sending of emails as the Splunk instance, the upload of lookup tables with unnecessary filename extensions, and server-side request forgery (SSRF).