Lucene search

5 matches found

CVE
added 2023/11/16 8:15 p.m., 238 views

CVE-2023-46214

CVE-2023-46214 describes a remote code execution risk in Splunk Enterprise caused by unsafe sanitization of user-supplied XSLT. Affected versions are Splunk Enterprise 9.0.x before 9.0.7 and 9.1.x before 9.1.2, where uploading crafted XSLT can lead to code execution on the target. The vulnerabili...

CVSS 8.8, AI score 8.5, EPSS 0.87861
Web
CVE
added 2024/01/22 8:37 p.m., 189 views

CVE-2024-23675

CVE-2024-23675 affects Splunk Enterprise versions below 9.0.8 and 9.1.3, where the Splunk app key value store (KV Store) incorrectly handles permissions for users using the REST API, potentially enabling deletion of KV Store collections. The issue is rooted in access-control handling for KV Store...

CVSS 6.5, AI score 6.4, EPSS 0.00069
CVE
added 2024/01/22 8:37 p.m., 158 views

CVE-2024-23677

In Splunk Enterprise versions prior to 9.0.8, the Splunk RapidDiag utility logs server responses from external applications, potentially exposing sensitive data in log files. The issue is confirmed in multiple sources; remediation is to update to Splunk Enterprise 9.0.8 or newe...

CVSS 5.3, AI score 5.2, EPSS 0.00229
CVE
added 2024/01/22 8:37 p.m., 157 views

CVE-2024-23676

CVE-2024-23676 affects Splunk Enterprise: versions below 9.0.8 and 9.1.3 expose index metrics via the mrollup SPL command to low-privilege users, requiring interaction from a high-privileged user. The root cause is insufficient access control around mrollup, enabling sensitive metric disclosure. ...

CVSS 4.6, AI score 4.1, EPSS 0.00155
CVE
added 2023/11/16 8:15 p.m., 143 views

CVE-2023-46213

CVE-2023-46213 affects Splunk Enterprise: versions prior to 9.0.7 and 9.1.2 are vulnerable due to ineffective escaping in the Show Syntax Highlighted feature, enabling unauthorized code execution in a user’s browser (XSS). The vulnerability is documented across multiple sources (Splunk advisory S...

CVSS 4.8, AI score 5.3, EPSS 0.00174