Unauthenticated RSS Feed Overwrite Vulnerability in Splunk Enterprise

CVE-2023-22931 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default.

Learn more about our External Network Penetration Testing.