Splunk says its latest Splunk Enterprise updates fix a number of high-severity vulnerabilities, including security flaws affecting third-party packages used by the product.
The most serious flaws are CVE-2023-22939 and CVE-2023-22935 (CVSS score of 8.1), two issues that could allow risky commands to bypass search processing language (SPL) safeguards. Both flaws require a high-privileged user to submit a request in their browser, and both affect instances with Splunk Web enabled. Another SPL safeguard bypass in Splunk Enterprise, CVE-2023-22934, requires an authenticated user to create a saved job before a browser request can be made.
In addition, Splunk has released patches for two high-severity cross-site scripting (XSS) flaws (CVE-2023-22932 and CVE-2023-22933), as well as additional tools for looking for indications of malicious exploitation.