CVE-2023-22942 Information
Feb 15, 2023
Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG App Key Value Store (KV store) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled.
Reference
https://research.splunk.com/application/4742d5f7-ce00-45ce-9c79-5e98b43b4410/
https://advisory.splunk.com/advisories/SVD-2023-0212