CVE-2023-32710
CVSS V2 None
CVSS V3 None
Description
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.
Overview
- CVE ID
- CVE-2023-32710
- Assigner
- Splunk
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-06-01T16:34:28.796Z
- Last Modified Date
- 2024-04-10T00:53:09.489Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://advisory.splunk.com/advisories/SVD-2023-0609 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32710 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32710 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 11:28:12 | Added to TrackCVE |