-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.3147
       SVD-2023-0610: Self Cross-Site Scripting (XSS) on Splunk App
                          for Lookup File Editing
                                2 June 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Splunk App
Publisher:         Splunk
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-32715  

Original Bulletin: 
   https://advisory.splunk.com//advisories/SVD-2023-0610

Comment: CVSS (Max):  4.7 CVE-2023-32715 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)
         CVSS Source: Splunk
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Self Cross-Site Scripting (XSS) on Splunk App for Lookup File Editing

Advisory ID: SVD-2023-0610

CVE ID: CVE-2023-32715

Published: 2023-06-01

Last Update: 2023-06-01

CVSSv3.1 Score: 4.7, Medium

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

Bug ID: LOOKUP-176

Description

A user can insert potentially malicious JavaScript code into the Splunk App for
Lookup File Editing, which causes the code to run on the user's machine.

Solution

Upgrade the Splunk App for Lookup Editing to version 4.0.1 or higher.

Product Status

Product                             Version  Component  Affected Version  Fix Version
Splunk App for Lookup File Editing  4.0      -          4.0 and lower     4.0.1

Mitigations and Workarounds

Disable the Splunk App for Lookup File Editing if you do not require it and
cannot upgrade it. If users do not log in to Splunk Web on indexers in a
distributed environment, disable Splunk Web on those indexers. See "Disable
unnecessary Splunk Enterprise components" and the web.conf configuration
specification file in the Splunk documentation for more information on
disabling Splunk Web.
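
An added example, not part of the Splunk advisory or the AusCERT bulletin: a
Python check that layers an app's default/app.conf and local/app.conf and
reports whether the installed version is below the 4.0.1 fix and whether the
app has been disabled. It assumes the version is in the [launcher] stanza and
the disabled state in the [install] stanza; the sample contents are constructed.

```python
import configparser
import re

FIXED = (4, 0, 1)  # fix version from the Product Status table above

# Constructed sample app.conf contents (not taken from a real install).
SAMPLE_DEFAULT = """
[launcher]
version = 4.0.0

[install]
state = enabled
"""
SAMPLE_LOCAL_DISABLED = """
[install]
state = disabled
"""

def version_tuple(text):
    """'4.0' -> (4, 0, 0); only the leading digits of each component count."""
    nums = []
    for piece in text.strip().split(".")[:3]:
        m = re.match(r"\d+", piece)
        nums.append(int(m.group()) if m else 0)
    return tuple(nums + [0] * (3 - len(nums)))

def assess(default_conf, local_conf=""):
    """Return 'fixed', 'mitigated', 'affected' or 'unknown' for one app.

    local_conf is read second so its settings override default_conf,
    mirroring how local/ takes precedence over default/ in a Splunk app.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(default_conf)
    cp.read_string(local_conf)
    version = cp.get("launcher", "version", fallback=None)
    state = (cp.get("install", "state", fallback="enabled") or "").lower()
    if version is None:
        return "unknown"        # no version recorded; inspect by hand
    if version_tuple(version) >= FIXED:
        return "fixed"          # 4.0.1 or higher: the Solution is applied
    if state.strip() == "disabled":
        return "mitigated"      # affected version, but the app is disabled
    return "affected"           # 4.0 and lower, still enabled

if __name__ == "__main__":
    print(assess(SAMPLE_DEFAULT))                         # affected
    print(assess(SAMPLE_DEFAULT, SAMPLE_LOCAL_DISABLED))  # mitigated
```

To use it on a real host, pass the text of the app's default/app.conf and
local/app.conf (if present) from the Splunk apps directory.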

Detections

None

Severity

Splunk rated this vulnerability as Medium, 4.7, with a CVSSv3.1 vector of
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N.

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

-----END PGP SIGNATURE-----