CVE-2023-22936 - Vulnerability Details

Vendors	Products
Splunk	Splunk Splunk Cloud Platform

Link	Providers
https://advisory.splunk.com/advisories/SVD-2023-0206
https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22936", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-01-10T21:39:55.583Z", "datePublished": "2023-02-14T17:22:38.050Z", "dateUpdated": "2025-02-28T11:03:49.899Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.1", "status": "affected", "versionType": "custom", "lessThan": "8.1.13"}, {"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.10"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.4"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2209.3"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018search_listener\u2019 parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment."}], "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018search_listener\u2019 parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0206"}, {"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd"}], "title": "Authenticated Blind Server Side Request Forgery via the \u2018search_listener\u2019 Search Parameter in Splunk Enterprise", "datePublic": "2023-02-14T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.", "cweId": "CWE-918"}]}], "source": {"advisory": "SVD-2023-0206"}, "credits": [{"lang": "en", "value": "Danylo Dmytriiev (DDV_UA)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:49.899Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.429Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0206", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-22936 (string)

assignerOrgId : 42b59230-ec95-491e-8425-5a5befa1a469 (string)

state : PUBLISHED (string)

assignerShortName : Splunk (string)

dateReserved : 2023-01-10T21:39:55.583Z (string)

datePublished : 2023-02-14T17:22:38.050Z (string)

dateUpdated : 2025-02-28T11:03:49.899Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

product : Splunk Enterprise (string)

vendor : Splunk (string)

versions : [ »

0 : { »

version : 8.1 (string)

status : affected (string)

versionType : custom (string)

lessThan : 8.1.13 (string)

}

1 : { »

version : 8.2 (string)

status : affected (string)

versionType : custom (string)

lessThan : 8.2.10 (string)

}

2 : { »

version : 9.0 (string)

status : affected (string)

versionType : custom (string)

lessThan : 9.0.4 (string)

}

]

}

1 : { »

product : Splunk Cloud Platform (string)

vendor : Splunk (string)

versions : [ »

0 : { »

version : - (string)

status : affected (string)

versionType : custom (string)

lessThan : 9.0.2209.3 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. (string)

}

]

value : In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. (string)

}

]

references : [ »

0 : { »

url : https://advisory.splunk.com/advisories/SVD-2023-0206 (string)

}

1 : { »

url : https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd (string)

}

]

title : Authenticated Blind Server Side Request Forgery via the ‘search_listener’ Search Parameter in Splunk Enterprise (string)

datePublic : 2023-02-14T00:00:00.000Z (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : cwe (string)

description : The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (string)

cweId : CWE-918 (string)

}

]

}

]

source : { »

advisory : SVD-2023-0206 (string)

}

credits : [ »

0 : { »

lang : en (string)

value : Danylo Dmytriiev (DDV_UA) (string)

}

]

providerMetadata : { »

orgId : 42b59230-ec95-491e-8425-5a5befa1a469 (string)

shortName : Splunk (string)

dateUpdated : 2025-02-28T11:03:49.899Z (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T10:20:31.429Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://advisory.splunk.com/advisories/SVD-2023-0206 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "24C628AD-CF89-4FD5-B58F-38D150D2F535", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", "versionEndExcluding": "8.2.10", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", "versionEndExcluding": "9.0.4", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF379C7-8910-4C30-882A-4CE9F9C9992C", "versionEndExcluding": "9.0.2209.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018search_listener\u2019 parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment."}], "id": "CVE-2023-22936", "lastModified": "2024-11-21T07:45:40.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-14T18:15:12.460", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0206"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 24C628AD-CF89-4FD5-B58F-38D150D2F535 (string)

versionEndExcluding : 8.1.13 (string)

versionStartIncluding : 8.1.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 4B2A60A4-55C6-4C11-B86D-452CC43D85FF (string)

versionEndExcluding : 8.2.10 (string)

versionStartIncluding : 8.2.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 39FFDC8F-FC45-41E7-8353-D09AAE26F50F (string)

versionEndExcluding : 9.0.4 (string)

versionStartIncluding : 9.0.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8AF379C7-8910-4C30-882A-4CE9F9C9992C (string)

versionEndExcluding : 9.0.2209.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘search_listener’ parameter in a search allows for a blind server-side request forgery (SSRF) by an authenticated user. The initiator of the request cannot see the response without the presence of an additional vulnerability within the environment. (string)

}

]

id : CVE-2023-22936 (string)

lastModified : 2024-11-21T07:45:40.567 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.4 (number)

source : prodsec@splunk.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 6.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-02-14T18:15:12.460 (string)

references : [ »

0 : { »

source : prodsec@splunk.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://advisory.splunk.com/advisories/SVD-2023-0206 (string)

}

1 : { »

source : prodsec@splunk.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://advisory.splunk.com/advisories/SVD-2023-0206 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd (string)

}

]

sourceIdentifier : prodsec@splunk.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-918 (string)

}

]

source : prodsec@splunk.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-918 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object