CVE-2023-32714: Path Traversal in Splunk App for Lookup File Editing

8.1 CVSS

Description

In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.

Classification

CVE ID: CVE-2023-32714

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

Affected Products

Vendor: Splunk

Product: Splunk App for Lookup File Editing

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 43.47% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-0608
https://research.splunk.com/application/8ed58987-738d-4917-9e44-b8ef6ab948a6/

Timeline

2024-12-11 00:30:48 UTC
CVE

Path Traversal in Splunk App for Lookup File Editing