CVE-2023-32707 - Vulnerability Details - OpenCVE

Description

In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.

Published: 2023-06-01

Score: 8.8 High

EPSS: 82.7% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Splunk

Splunk Enterprise

affected

Version	Status	Constraints
`8.1`	affected	< 8.1.14
`8.2`	affected	< 8.2.11
`9.0`	affected	< 9.0.5

Splunk

Splunk Cloud Platform

affected

Version	Status	Constraints
`-`	affected	< 9.0.2303.100

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.82677.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2023-0602
https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/

History

Tue, 11 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Splunk Splunk Splunk Cloud Platform

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-06-01T16:34:30.607Z

Updated: 2025-03-11T15:02:44.575Z

Reserved: 2023-05-11T20:55:59.871Z

Link: CVE-2023-32707

Vulnrichment

Updated: 2024-08-02T15:25:37.042Z

NVD

Status : Modified

Published: 2023-06-01T17:15:10.117

Modified: 2024-11-21T08:03:53.250

Link: CVE-2023-32707

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32707", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-05-11T20:55:59.871Z", "datePublished": "2023-06-01T16:34:30.607Z", "dateUpdated": "2025-03-11T15:02:44.575Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.1", "status": "affected", "versionType": "custom", "lessThan": "8.1.14"}, {"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.11"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.5"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2303.100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."}], "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0602"}, {"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"}], "title": "\u2018edit_user\u2019 Capability Privilege Escalation", "datePublic": "2023-06-01T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", "cweId": "CWE-285"}]}], "source": {"advisory": "SVD-2023-0602"}, "credits": [{"lang": "en", "value": "Mr Hack (try_to_hack) Santiago Lopez"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:56.837Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.042Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0602", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T15:27:23.298660Z", "id": "CVE-2023-32707", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-11T15:02:44.575Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32707", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-05-11T20:55:59.871Z", "datePublished": "2023-06-01T16:34:30.607Z", "dateUpdated": "2025-03-11T15:02:44.575Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.1", "status": "affected", "versionType": "custom", "lessThan": "8.1.14"}, {"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.11"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.5"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2303.100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."}], "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0602"}, {"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"}], "title": "\u2018edit_user\u2019 Capability Privilege Escalation", "datePublic": "2023-06-01T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", "cweId": "CWE-285"}]}], "source": {"advisory": "SVD-2023-0602"}, "credits": [{"lang": "en", "value": "Mr Hack (try_to_hack) Santiago Lopez"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:56.837Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.042Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0602", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-06T15:27:23.298660Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T15:27:24.756Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", "versionEndExcluding": "8.1.14", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", "versionEndExcluding": "8.2.11", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", "versionEndExcluding": "9.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27", "versionEndExcluding": "9.0.2303.100", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise anteriores a 9.0.5, 8.2.11 y 8.1.14, y de Splunk Cloud Platform anteriores a la versi\u00f3n 9.0.2303.100, un usuario con pocos privilegios que tenga un rol que tenga asignada la capacidad de \"edit_user\" puede escalar sus privilegios a los del usuario administrador proporcionando solicitudes web especialmente manipuladas."}], "id": "CVE-2023-32707", "lastModified": "2024-11-21T08:03:53.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-01T17:15:10.117", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0602"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}