June Third Party Package Updates in Splunk Cloud
Advisory ID: SVD-2023-0615
Published: 2023-06-01
Last Update: 2023-06-01
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Cloud, including the following:
| CVE | Package | Remediation | Severity |
|---|---|---|---|
| CVE-2022-40303 | libxml2 | Patched | High |
| CVE-2022-40304 | libxml2 | Patched | High |
| CVE-2022-23491 | certifi | Upgraded to 2022.12.7 | High |
| CVE-2022-43680 | python3 | Upgraded to 3.7.16 | High |
| CVE-2023-0286 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | High |
| CVE-2023-0215 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | High |
| CVE-2022-4304 | OpenSSL 1.0.2 | Upgraded to 1.0.2zg | Medium |
| CVE-2022-33987 | got | Upgraded to 12.5.3 | Medium |
Solution
For Splunk Cloud Platform, Splunk is actively patching and monitoring the Splunk Cloud instances.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Cloud | - | 9.0.2303 and lower | 9.0.2303.100 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) CVSS rating to align with industry standards.