{"vulnerability": "CVE-2023-2294", "sightings": [{"uuid": "8294262b-e82b-4c8b-bc29-85c4c608fe69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22941", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5870", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22941\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted \u2018INGEST_EVAL\u2019 parameter in a Field Transformation crashes the Splunk daemon (splunkd).\n\ud83d\udccf Published: 2023-02-14T17:22:37.444Z\n\ud83d\udccf Modified: 2025-02-28T11:03:59.397Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0211\n2. https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/", "creation_timestamp": "2025-02-28T11:26:02.000000Z"}, {"uuid": "68cbd1f3-3714-4d8f-8ddd-450858bc0dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22947", "type": "seen", "source": "https://t.me/cibsecurity/56329", "content": "\u203c CVE-2023-22947 \u203c\n\n** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\\opt (rather than C:\\Program Files) by default. 
NOTE: the vendor disputes the significance of this report, stating that \"We consider the ACLs a best effort thing\" and \"it was a documentation mistake.\"\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-11T07:29:06.000000Z"}, {"uuid": "d3ad68b5-6a74-49bb-a3ba-126338440a4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22945", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10759", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-22945\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.\n\ud83d\udccf Published: 2023-01-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T18:32:19.686Z\n\ud83d\udd17 References:\n1. https://phabricator.wikimedia.org/T321733\n2. https://gerrit.wikimedia.org/r/q/Id1b83fcd58eccb8b2dfea44a3ab2f72314860d88\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AP65YEN762IBNQPOYGUVLTQIDLM5XD2A/", "creation_timestamp": "2025-04-07T18:46:12.000000Z"}, {"uuid": "1b8a34ca-a2c3-4743-bb1a-5b532d25f461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22949", "type": "seen", "source": "https://t.me/arpsyndicate/2345", "content": "#ExploitObserverAlert\n\nCVE-2023-22949\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-22949. An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. 
Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.\n\nFIRST-EPSS: 0.000490000\nNVD-IS: 3.6\nNVD-ES: 1.2", "creation_timestamp": "2024-01-03T19:16:26.000000Z"}, {"uuid": "5b6edae2-cfdd-45b9-a623-435f04fdc90c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22949", "type": "seen", "source": "https://t.me/cibsecurity/62153", "content": "\u203c CVE-2023-22949 \u203c\n\nAn issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T18:25:58.000000Z"}, {"uuid": "c2e67fcb-4efb-4e48-9810-96f341214ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22945", "type": "seen", "source": "https://t.me/cibsecurity/56333", "content": "\u203c CVE-2023-22945 \u203c\n\nIn the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-11T14:03:38.000000Z"}, {"uuid": "69ab5f10-c54c-443b-b9dc-4b62796e685a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22946", "type": "seen", "source": 
"https://t.me/cibsecurity/62264", "content": "\u203c CVE-2023-22946 \u203c\n\nIn Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This affects architectures relying on proxy-user, for example those using Apache Livy to manage submitted applications. Update to Apache Spark 3.4.0 or later, and ensure that spark.submit.proxyUser.allowCustomClasspathInClusterMode is set to its default of \"false\", and is not overridden by submitted applications.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-17T12:28:12.000000Z"}, {"uuid": "8c28bac2-4b53-46db-9bda-6e99ba5b3f88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22941", "type": "seen", "source": "https://t.me/cibsecurity/58120", "content": "\u203c CVE-2023-22941 \u203c\n\nIn Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted \u2018INGEST_EVAL\u2019 parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:35:43.000000Z"}, {"uuid": "43b03205-76e5-48f6-b9ff-fd0d8605678e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22940", "type": "seen", "source": "https://t.me/cibsecurity/58136", "content": "\u203c CVE-2023-22940 \u203c\n\nIn Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the \u2018collect\u2019 search processing language (SPL) 
command, including \u2018summaryindex\u2019, \u2018sumindex\u2019, \u2018stash\u2019,\u2019 mcollect\u2019, and \u2018meventcollect\u2019, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:36:02.000000Z"}, {"uuid": "b42e1b64-0703-474a-aeb5-ab1b8ff2039b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22942", "type": "seen", "source": "https://t.me/cibsecurity/58135", "content": "\u203c CVE-2023-22942 \u203c\n\nIn Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the \u2018kvstore_client\u2019 REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. 
The vulnerability affects instances with SSG and Splunk Web enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:36:01.000000Z"}, {"uuid": "1b551268-7bdc-4a4c-b842-89714670bccc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-22943", "type": "seen", "source": "https://t.me/cibsecurity/58128", "content": "\u203c CVE-2023-22943 \u203c\n\nIn Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:35:52.000000Z"}]}