CVE-2023-22936: Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise

6.3 CVSS

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment.

Classification

CVE ID: CVE-2023-22936

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 34.18% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-0206
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd

Timeline

2024-12-11 00:30:48 UTC
CVE

Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise