Vulnerability Description
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Cloud | < 9.1.2308 |
| Splunk | Splunk | >= 9.0.0, < 9.0.7 |
Related Weaknesses (CWE)
References
- https://advisory.splunk.com/advisories/SVD-2023-1103Vendor Advisory
- https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/Vendor Advisory
- https://advisory.splunk.com/advisories/SVD-2023-1103Vendor Advisory
- https://research.splunk.com/application/1030bc63-0b37-4ac9-9ae0-9361c955a3cc/Vendor Advisory
FAQ
What is CVE-2023-46213?
CVE-2023-46213 is a vulnerability with a CVSS score of 4.8 (MEDIUM). In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
How severe is CVE-2023-46213?
CVE-2023-46213 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-46213?
Check the references section above for vendor advisories and patch information. Affected products include: Splunk Cloud, Splunk Splunk.