Absolute Path Traversal in Splunk Enterprise Using runshellscript.py
CVE-2023-40597
7.8HIGH
What is CVE-2023-40597?
In specific versions of Splunk Enterprise, an absolute path traversal vulnerability allows attackers to exploit the system by executing arbitrary code stored on a separate disk. This flaw can pose significant security risks, enabling unauthorized access and manipulation of sensitive data. Organizations utilizing affected versions should prioritize applying the latest updates to mitigate this vulnerability and protect their systems.
Affected Version(s)
Splunk Cloud - < 9.0.2305.200
Splunk Enterprise 8.2 < 8.2.12
Splunk Enterprise 9.0 < 9.0.6