Path Traversal in Splunk App for Lookup File Editing
Advisory ID: SVD-2023-0608
CVE ID: CVE-2023-32714
Published: 2023-06-01
Last Update: 2023-06-01
CVSSv3.1 Score: 8.1, High
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-35
Bug ID: LOOKUP-177
Description
A low-privileged user with access to the Splunk App for Lookup File Editing can use a specially crafted web request to trigger a path traversal, which can then be used to read from and write to restricted areas of the Splunk installation directory.
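Added example, not code from Splunk or from the app: the advisory classifies the flaw as CWE-35, the class in which a single-pass `../` filter leaves a traversal step behind. The sketch contrasts such a filter with a resolve-then-contain check a file-editing backend can apply. The function names, directory layout and input are constructed assumptions and do not describe how the app itself handled paths.

```python
import os
import re
import tempfile

_DOTDOT = re.compile(r"\.\.[/\\]")  # one traversal step, either separator


def strip_once(name):
    """Weak 'before' form (hypothetical): delete ../ sequences in a single pass."""
    return _DOTDOT.sub("", name)


def resolve_lookup(base_dir, name):
    """Hardened form (hypothetical helper): canonicalise first, resolving
    symlinks and '..', then require the result to stay strictly below base_dir."""
    if not name or "\x00" in name:
        raise ValueError("invalid lookup file name")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("lookup path escapes the lookups directory")
    return target


def is_contained(base_dir, name):
    """True when resolve_lookup accepts the name, False when it rejects it."""
    try:
        resolve_lookup(base_dir, name)
        return True
    except ValueError:
        return False


def demo():
    # Constructed layout: <root>/lookups is the only directory the editor may touch.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "lookups")
    os.makedirs(base)
    crafted = ".../...//local/restricted.conf"  # constructed CWE-35 style input
    filtered = strip_once(crafted)  # the filter's output is itself a traversal
    return {
        "filtered": filtered,
        "plain_ok": is_contained(base, "assets.csv"),
        "filtered_ok": is_contained(base, filtered),
        "absolute_ok": is_contained(base, os.path.join(root, "local", "x.conf")),
    }


if __name__ == "__main__":
    print(demo())
```

The containment check does not depend on recognising any particular spelling of the traversal sequence, which is why it holds where pattern stripping does not.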
Solution
Upgrade the Splunk App for Lookup File Editing to version 4.0.1 or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk App for Lookup File Editing | 4.0 | | 4.0 and lower | 4.0.1 |
Mitigations and Workarounds
N/A
Detections
This detection search provides information about path traversal exploitation attempts in Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14.
Severity
Splunk rated the vulnerability as High, 8.1, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Acknowledgments
Torjus Bryne Retterstøl, Binary Security