vulnerability
Splunk: CVE-2023-22940: SPL Command Safeguards Bypass via the ‘collect’ SPL Command Aliases in Splunk Enterprise
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:S/C:C/I:P/A:N) | Feb 14, 2023 | Apr 7, 2025 | Oct 31, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:S/C:C/I:P/A:N)
Published
Feb 14, 2023
Added
Apr 7, 2025
Modified
Oct 31, 2025
Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.
Solution
splunk-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.