August 2023 Third Party Package Updates in Splunk Enterprise
Advisory ID: SVD-2023-0808
CVE ID: Multiple
Published: 2023-08-30
Last Update: 2024-02-14
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| decode-uri-component | Upgraded to 6.0.0 | CVE-2022-38900 | High |
| got | Upgraded to 12.5.3 | CVE-2022-33987 | Medium |
| loader-utils | Upgraded to 1.4.2 | CVE-2022-37601 | Critical |
| postcss | Upgraded to 7.0.37 | CVE-2021-23382 | High |
| color-string | Upgraded to 1.5.5 | CVE-2021-29060 | Medium |
| decode-uri-component | Upgraded to 0.2.1 | CVE-2022-38900 | High |
| glob-parent | Upgraded to 5.1.2 | CVE-2020-28469 | High |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37599 | High |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37601 | Critical |
| loader-utils | Upgraded to 2.0.4 | CVE-2022-37603 | High |
| minimatch | Upgraded to 3.0.5 | CVE-2022-3517 | High |
| moment | Upgraded to 2.29.4 | CVE-2022-31129 | High |
| nth-check | Upgraded to 2.0.1 | CVE-2021-3803 | High |
| path-parse | Upgraded to 1.0.7 | CVE-2021-23343 | High |
| qs | Upgraded to 6.5.3 | CVE-2022-24999 | High |
| http-cache-semantics | Upgraded to 4.1.1 | CVE-2022-25881 | High |
| jackson-databind | Upgraded to 2.13.5 | CVE-2022-42003 | High |
| jackson-databind | Upgraded to 2.13.5 | CVE-2022-42004 | High |
| jquery-ui | Upgraded to 1.13.2 | CVE-2021-41182 | Medium |
| jquery-ui | Upgraded to 1.13.2 | CVE-2021-41183 | Medium |
| jquery-ui | Upgraded to 1.13.2 | CVE-2021-41184 | Medium |
| json5 | Upgraded to 1.0.2 | CVE-2022-46175 | High |
| libarchive | Upgraded to 3.6.2 | CVE-2022-36227 | Critical |
| libarchive | Upgraded to 3.6.2 | CVE-2021-31566 | High |
| libarchive | Upgraded to 3.6.2 | CVE-2021-36976 | Medium |
| lz4 | Upgraded to. 1.9.4 | CVE-2021-3520 | Critical |
| pcre2 | Upgraded to 10.40 | CVE-2020-14155 | Medium |
| pcre2 | Upgraded to 10.40 | CVE-2019-20454 | High |
| pcre2 | Upgraded to 10.40 | CVE-2019-20838 | High |
| sqlite | Upgraded to 3.41.2 | CVE-2022-35737 | High |
| certifi | Patched* | CVE-2022-23491 | High |
| certifi | Upgraded to 2023.5.7** | CVE-2022-23491 | High |
| curl | Upgraded to 8.0.1*** | Multiple | High |
| go | Updated golang in mongotools**** | Multiple | Critical |
| libxslt | Patched***** | CVE-2021-30560 | High |
| lxml | Patched****** | CVE-2022-2309 | High |
*Splunk patched CVE-2022-23491 in $SPLUNK_HOME/lib/python3.7/site-packages/certifi by backporting the cacert.pem from certifi 2022.12.7 to 2019.6.16.
**Splunk upgraded the certifi version in the Splunk Secure Gateway app to 2023.5.7 to remediate CVE-2022-23491.
***The golang update for mongotools (mongodump and mongorestore) remediated multiple CVEs including CVE-2020-29652, CVE-2021-38561, CVE-2021-39293, CVE-2021-41771, CVE-2021-41772, CVE-2021-43565, CVE-2022-23772, CVE-2022-23806, CVE-2022-24675, CVE-2022-24921, CVE-2022-27191, CVE-2022-28131, CVE-2022-28327, CVE-2022-2879, CVE-2022-2880, CVE-2022-29804, CVE-2022-30580, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32149, CVE-2022-32189, CVE-2022-41715, CVE-2022-41716, and CVE-2022-41720.
****The curl update remediate multipe CVEs including CVE-2023-27538, CVE-2023-27537, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-23916, CVE-2023-23915, CVE-2023-23914, CVE-2022-43552, CVE-2022-43551, CVE-2022-42916, CVE-2022-42915, CVE-2022-35260, CVE-2022-32221, CVE-2022-35252, CVE-2022-32208, CVE-2022-32207, CVE-2022-32206, CVE-2022-32205, CVE-2022-30115, CVE-2022-27782, CVE-2022-27781, CVE-2022-27780, CVE-2022-27779, CVE-2022-27778, CVE-2022-27776, CVE-2022-27775, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2021-22946, CVE-2021-22945, CVE-2021-22926, CVE-2021-22925, CVE-2021-22924, CVE-2021-22923, CVE-2021-22922, CVE-2021-22901, CVE-2021-22898, CVE-2021-22897, CVE-2021-22890, CVE-2021-22876, CVE-2020-8286, CVE-2020-8285, CVE-2020-8284, CVE-2020-8231, CVE-2020-8177, and CVE-2020-8169.
*****Splunk applied the patch from https://gitlab.gnome.org/GNOME/libxslt/-/commit/50f9c9c to libxslt version 1.1.34.
******Splunk applied the patch from https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f to lxml version 4.6.5.
Solution
For Splunk Enterprise, upgrade versions to 8.2.12, 9.0.6, or 9.1.1.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Enterprise | 8.2 | 8.2.0 to 8.2.11 | 8.2.12 |
| Splunk Enterprise | 9.0 | 9.0.0 to 9.0.5 | 9.0.6 |
| Splunk Enterprise | 9.1 | 9.1.0 | 9.1.1 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.
Changelog
2024-01-09: Removed CVE-2022-40023 from list. See SVD-2023-0613 for more info. Added CVE-2022-23491 to the list twice.
2023-02-14: Re-added libxslt and lxml CVEs