Hello,
Splunk published multiple vulnerabilities on June 1st. Reading through the documentation of every vulnerability found. The Product Status states that the fix version is Splunk Cloud 9.0.2303.100. Would that mean that we would not need to worry about the vulnerabilities anymore?
Hi
you should look those from https://advisory.splunk.com/advisories. This https://advisory.splunk.com/advisories/SVD-2023-0615 told what issues have fixed with 9.0.2303.100 version.
r. Ismo
Hi
you should look those from https://advisory.splunk.com/advisories. This https://advisory.splunk.com/advisories/SVD-2023-0615 told what issues have fixed with 9.0.2303.100 version.
r. Ismo
Thank you for the quick response!
Correct me if I'm wrong, but https://advisory.splunk.com/advisories/SVD-2023-0615 is a list of third party packages with CVEs that were fixed.
How about this CVE: SVD-2023-0611 | Splunk Vulnerability Disclosure which was stated in the Product Status section that the fix version is 9.0.2303.100? Is my understanding correct that version 9.0.2303.100 remediates this CVE?
You are correct those 3 first lines are for third party libraries fixed on splunk versions.
For Splunk Cloud splunk's service promise is:
For Splunk Cloud Platform, Splunk is actively monitoring and patching affected instances.
So when you have the latest SC version all known and available patches / work arounds should be fixed on that version. On site you must keep track of those versions and patch those as soon as Splunk has publish a new version or work around instructions for specific issue.