Splunk 產品多個漏洞

影響

• 跨網站指令碼
• 資料洩露
• 繞過保安限制
• 阻斷服務
• 權限提升

受影響之系統或技術

• Splunk App for Lookup File Editing: 4.0 及 以前版本
• Splunk App for Stream: Streamfwd 8.1 及 以前版本
• Splunk Cloud Platform: Splunk Web 9.0.2303 及 以前版本
• Splunk Enterprise: Splunk Web 8.1.0 至 8.1.13
• Splunk Enterprise: Splunk Web 8.2.0 至 8.2.10
• Splunk Enterprise: Splunk Web 9.0.0 至 9.0.4

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝供應商提供的修補程式：

• https://advisory.splunk.com/advisories/SVD-2023-0601
• https://advisory.splunk.com/advisories/SVD-2023-0602
• https://advisory.splunk.com/advisories/SVD-2023-0603
• https://advisory.splunk.com/advisories/SVD-2023-0604
• https://advisory.splunk.com/advisories/SVD-2023-0605
• https://advisory.splunk.com/advisories/SVD-2023-0606
• https://advisory.splunk.com/advisories/SVD-2023-0607
• https://advisory.splunk.com/advisories/SVD-2023-0608
• https://advisory.splunk.com/advisories/SVD-2023-0609
• https://advisory.splunk.com/advisories/SVD-2023-0610
• https://advisory.splunk.com/advisories/SVD-2023-0611
• https://advisory.splunk.com/advisories/SVD-2023-0612

漏洞識別碼

• CVE-2023-32706
• CVE-2023-32707
• CVE-2023-32708
• CVE-2023-32709
• CVE-2023-32710
• CVE-2023-32711
• CVE-2023-32712
• CVE-2023-32713
• CVE-2023-32714
• CVE-2023-32715
• CVE-2023-32716
• CVE-2023-32717

資料來源

• AusCERT
• Splunk

相關連結

• https://advisory.splunk.com/advisories/SVD-2023-0601
• https://advisory.splunk.com/advisories/SVD-2023-0602
• https://advisory.splunk.com/advisories/SVD-2023-0603
• https://advisory.splunk.com/advisories/SVD-2023-0604
• https://advisory.splunk.com/advisories/SVD-2023-0605
• https://advisory.splunk.com/advisories/SVD-2023-0606
• https://advisory.splunk.com/advisories/SVD-2023-0607
• https://advisory.splunk.com/advisories/SVD-2023-0608
• https://advisory.splunk.com/advisories/SVD-2023-0609
• https://advisory.splunk.com/advisories/SVD-2023-0610
• https://advisory.splunk.com/advisories/SVD-2023-0611
• https://advisory.splunk.com/advisories/SVD-2023-0612