CVE-2023-32707

‘edit_user’ Capability Privilege Escalation

CVSS 8.8 HIGHEPSS 73.5%CWE-285

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Splunk · Splunk Cloud Platform Splunk · Splunk Enterprise

public PoCs found — 2

githubgithub.com/9xN/CVE-2023-32707★ 2 exploitdbwww.exploit-db.com/exploits/51747unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://advisory.splunk.com/advisories/SVD-2023-0602 https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/