Описание
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-32707
- https://advisory.splunk.com/advisories/SVD-2023-0602
- https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593
- http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html
- http://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html
Связанные уязвимости
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
Уязвимость файла конфигурации authorize.conf платформы для операционного анализа Splunk Enterprise, позволяющая нарушителю повысить свои привилегии