CVE-2023-32709 - OpenCVE

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk Splunk Cloud Platform

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2023-0604
https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2023-06-01T16:34:30.933Z

Updated: 2024-08-02T15:25:37.020Z

Reserved: 2023-05-11T20:55:59.871Z

Link: CVE-2023-32709

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-06-01T17:15:10.227

Modified: 2024-04-10T01:15:13.600

Link: CVE-2023-32709

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32709", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-05-11T20:55:59.871Z", "datePublished": "2023-06-01T16:34:30.933Z", "dateUpdated": "2024-08-02T15:25:37.020Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "8.1", "status": "affected", "versionType": "custom", "lessThan": "8.1.14"}, {"version": "8.2", "status": "affected", "versionType": "custom", "lessThan": "8.2.11"}, {"version": "9.0", "status": "affected", "versionType": "custom", "lessThan": "9.0.5"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "9.0.2303.100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."}], "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0604"}, {"url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/"}], "title": "Low-privileged User can View Hashed Default Splunk Password", "datePublic": "2023-06-01T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cvw", "description": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.", "cweId": "CWE-285"}]}], "source": {"advisory": "SVD-2023-0604"}, "credits": [{"lang": "en", "value": "Anton (therceman)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2024-07-01T16:57:48.927Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.020Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0604", "tags": ["x_transferred"]}, {"url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "285DAAE6-0931-41DA-A64A-25ED6A3BE2C5", "versionEndExcluding": "8.1.14", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "E924894C-6C74-4F3B-B8FC-B3FDA0F487F3", "versionEndExcluding": "8.2.11", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4FF90BE2-6E2E-41F7-A77E-7547CBDD8596", "versionEndExcluding": "9.0.5", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F2BD15-F25B-488B-B2AC-AD33239B4A27", "versionEndExcluding": "9.0.2303.100", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."}], "id": "CVE-2023-32709", "lastModified": "2024-04-10T01:15:13.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "prodsec@splunk.com", "type": "Secondary"}]}, "published": "2023-06-01T17:15:10.227", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0604"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "prodsec@splunk.com", "type": "Secondary"}]}