November 2023 Third-Party Package Updates in Splunk Cloud Platform

Advisory ID: SVD-2023-1106

CVE ID:  Multiple

Published: 2023-11-16

Last Update: 2024-01-11


Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 9.1.2308.100 of Splunk Cloud Platform.

bottleUpgraded to 0.12.25CVE-2022-31799Critical
pythonUpgraded to 3.7.17CVE-2023-24329High
opensslUpgraded to 1.0.2ziCVE-2023-3817Low
opensslUpgraded to 1.0.2ziCVE-2023-3446Low


Splunk is actively upgrading and monitoring instances of Splunk Cloud Platform.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Cloud-Splunk WebBelow 9.1.23089.1.2308.100


For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.


  • 2024-01-11: Updated fixed version from 9.1.2308 to 9.1.2308.100 for clarity.

  • 2023-12-12: Corrected the title