CVE-2023-22931

MEDIUM

Splunk Enterprise < 8.1.13 and 8.2.10 - Improper Authorization in RSS Feed Creation

Title source: llm

Description

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

References (2)

Core 2

Core References

Vendor Advisory

https://advisory.splunk.com/advisories/SVD-2023-0201

Vendor Advisory

https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/

Scores

CVSS v3 4.3

EPSS 0.0014

EPSS Percentile 33.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-285 CWE-276

Status published

Products (2)

splunk/splunk 8.1.0 - 8.1.13

splunk/splunk_cloud_platform < 8.2.2203

Published Feb 14, 2023

Tracked Since Feb 18, 2026