Description
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Changed
- Confidentiality: Low
- Integrity: Low
- Availability: None
Affected products
- Splunk / Splunk Cloud 9.1.2308
- Splunk / Splunk Enterprise 9.0 – 9.0.7
- Splunk / Splunk Enterprise 9.1 – 9.1.2