CVE-2023-32707

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.

Published: Jun 1, 2023
Updated: Jun 8, 2023
CVE: CVE-2023-32707
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
splunk / splunk_cloud_platform	-	9.0.2303.100
splunk / splunk	8.1.0	8.1.14
splunk / splunk	8.2.0	8.2.11
splunk / splunk	9.0.0	9.0.5

http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html
http://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html
https://advisory.splunk.com/advisories/SVD-2023-0602
https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/

Vulnerability Database

289,697

CVE-2023-32707