Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22931

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

Published

2023-02-14T18:15:12.063

Last Modified

2024-11-21T07:45:39.900

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-285
  • Type: Primary
    CWE-276
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application splunk splunk < 8.1.13 Yes
Application splunk splunk < 8.2.10 Yes
Application splunk splunk_cloud_platform < 8.2.2203 Yes
References