Unrated severityNVD Advisory· Published Feb 14, 2023· Updated Feb 28, 2025
SPL Command Safeguards Bypass via the ‘pivot’ SPL Command in Splunk Enterprise
CVE-2023-22934
Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<9.0.4+ 1 more
- (no CPE)range: <9.0.4
- (no CPE)range: 8.1
- Range: -
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.