We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-22934

SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise



AssignerSplunk
Reserved2023-01-10
Published2023-02-14
Updated2024-10-30

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.



HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Product status

8.1 before 8.1.13
affected

8.2 before 8.2.10
affected

9.0 before 9.0.4
affected

- before 9.0.2209.3
affected

Credits

Anton (therceman)

References

https://advisory.splunk.com/advisories/SVD-2023-0204

https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd

cve.org CVE-2023-22934

nvd.nist.gov CVE-2023-22934

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.