November 2023 Third-Party Package Updates in Splunk Cloud Platform
Advisory ID: SVD-2023-1106
CVE ID: Multiple
Published: 2023-11-16
Last Update: 2024-01-11
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 9.1.2308.100 of Splunk Cloud Platform.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| bottle | Upgraded to 0.12.25 | CVE-2022-31799 | Critical |
| python | Upgraded to 3.7.17 | CVE-2023-24329 | High |
| openssl | Upgraded to 1.0.2zi | CVE-2023-3817 | Low |
| openssl | Upgraded to 1.0.2zi | CVE-2023-3446 | Low |
Solution
Splunk is actively upgrading and monitoring instances of Splunk Cloud Platform.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Cloud | - | Splunk Web | Below 9.1.2308 | 9.1.2308.100 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.
Changelog
2024-01-11: Updated fixed version from 9.1.2308 to 9.1.2308.100 for clarity.
2023-12-12: Corrected the title