Unrated severityNVD Advisory· Published Feb 14, 2023· Updated Feb 28, 2025
Cross-Site Request Forgery in the ‘ssg/kvstore_client’ REST Endpoint in Splunk Enterprise
CVE-2023-22942
Description
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<8.1.13, <8.2.10, <9.0.4+ 1 more
- (no CPE)range: <8.1.13, <8.2.10, <9.0.4
- (no CPE)range: 8.1
- Range: <8.1.13, <8.2.10, <9.0.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.