Splunk Ent <=9.0.5/8.2.11/8.1.14 override via /services/indexing/preview
CVE-2023-32717 Published on June 1, 2023
Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results
On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-32717 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-32717
stack.watch emails you whenever new vulnerabilities are published in Splunk Cloud Platform or Splunk. Just hit a watch button to start following.
Affected Versions
Splunk Enterprise:- Version 8.1 and below 8.1.14 is affected.
- Version 8.2 and below 8.2.11 is affected.
- Version 9.0 and below 9.0.5 is affected.
- Version - and below 9.0.2303.100 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.