CVE-2023-22936 Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise

🗓️ 14 Feb 2023 17:22:38Reported by SplunkType

Authenticated Blind SSRF via 'search_listener' in Splunk Enterpris

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-22936	14 Feb 202320:35	–	circl
CNNVD	Splunk 代码问题漏洞	14 Feb 202300:00	–	cnnvd
CVE	CVE-2023-22936	14 Feb 202317:22	–	cve
EUVD	EUVD-2023-27038	3 Oct 202520:07	–	euvd
NVD	CVE-2023-22936	14 Feb 202318:15	–	nvd
OSV	CVE-2023-22936	14 Feb 202318:15	–	osv
Prion	Server side request forgery (ssrf)	14 Feb 202318:15	–	prion
Positive Technologies	PT-2023-18779 · Splunk · Splunk Enterprise	14 Feb 202300:00	–	ptsecurity
Tenable Nessus	Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0206)	16 Feb 202300:00	–	nessus

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "8.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "8.1.13"
      },
      {
        "version": "8.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "8.2.10"
      },
      {
        "version": "9.0",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.0.4"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "-",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.0.2209.3"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2023-0206
research	www.research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd

28 Feb 2025 11:03Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.3

EPSS0.00299