CVE-2023-32717 MEDIUM

CVE-2023-32717: Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results

Vendor Splunk

Product Splunk Enterprise

Weakness CWE-285

Published June 1, 2023

Last update February 28, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.

Key dates

02Disclosure timeline

June 1, 2023 CVE published

February 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32717 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2023-32717

CWE CWE-285

CVSS 4.3 / MEDIUM

Affected versions

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 8.1 and < 8.1.14

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 8.2 and < 8.2.11

Vendor Splunk

Product Splunk Enterprise

Affected ≥ 9.0 and < 9.0.5

Vendor Splunk

Product Splunk Cloud Platform

Affected ≥ - and < 9.0.2303.100

CVE-2023-32717: Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results

01Description

02Disclosure timeline

03References

04Related CVE