CVE-2023-40597 HIGH

CVE-2023-40597: Absolute Path Traversal in Splunk Enterprise Using runshellscript.py

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-36
Published August 30, 2023
Last update July 1, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

Key dates

02Disclosure timeline

August 30, 2023 CVE published
July 1, 2025 Record updated