Reflected Cross-site Scripting (XSS) on "/app/search/table" web endpoint
CVE-2023-40592

8.4HIGH

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud
Vendor: CVE Published:; 30 August 2023

What is CVE-2023-40592?

In specific versions of Splunk Enterprise, an attacker can exploit a reflected cross-site scripting vulnerability by sending specially crafted web requests to the '/app/search/table' endpoint. This security issue may allow an attacker to execute arbitrary commands on the affected Splunk platform instance, posing significant security risks to users and data.

Affected Version(s)

Splunk Cloud - < 9.0.2305.200

Splunk Enterprise 8.2 < 8.2.12

Splunk Enterprise 9.0 < 9.0.6

References

https://advisory.splunk.com/advisories/SVD-2023-0801

https://research.splunk.com/application/182f9080-4137-462...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2023
Vulnerability Reserved
Aug 16, 2023

Credit

Danylo Dmytriiev (DDV_UA)