Splunk · Splunk Enterprise · CVE-2023-32707
**Name of the Vulnerable Software and Affected Versions**
Splunk Enterprise versions prior to 9.0.5
Splunk Enterprise versions prior to 8.2.11
Splunk Enterprise versions prior to 8.1.14
Splunk Cloud Platform versions prior to 9.0.2303.100
**Description**
A low-privileged user with the `edit user` capability can escalate their privileges to those of the admin user by sending specially crafted web requests. The issue stems from weaknesses in the authorization procedure defined in the `authorize.conf` configuration file. This can allow a remote attacker to elevate their privileges.
**Recommendations**
For Splunk Enterprise versions prior to 9.0.5, update to version 9.0.5 or later.
For Splunk Enterprise versions prior to 8.2.11, update to version 8.2.11 or later.
For Splunk Enterprise versions prior to 8.1.14, update to version 8.1.14 or later.
For Splunk Cloud Platform versions prior to 9.0.2303.100, update to version 9.0.2303.100 or later.
As a temporary workaround, consider restricting the `edit user` capability to prevent privilege escalation until a patch is applied.
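Two checks a defender would want after reading this advisory, written here as an added example rather than code from Splunk's advisory: a version test against the fixed Splunk Enterprise releases listed above (Cloud Platform uses a different numbering scheme and is not covered), and an audit of a local `authorize.conf` that lists every role holding the capability, including roles that only inherit it through `importRoles`. The underscore key name `edit_user`, the `importRoles` key, and the configuration excerpt are assumptions constructed for the demo.

```python
import configparser
import re
from typing import Dict, Optional
# Constructed authorize.conf excerpt for this demo, not taken from any real deployment.
SAMPLE_AUTHORIZE_CONF = """
[role_helpdesk]
importRoles = user
edit_user = enabled
[role_analyst]
importRoles = helpdesk
[role_admin]
importRoles = power
admin_all_objects = enabled
"""
# Fixed Splunk Enterprise versions from the advisory, one per maintained branch.
FIXED_VERSIONS = ((9, 0, 5), (8, 2, 11), (8, 1, 14))

def parse_roles(text: str) -> Dict[str, Dict[str, str]]:
    """Return {role_name: {key: value}} for every [role_<name>] stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case, e.g. importRoles
    cp.read_string(text)
    return {s[5:]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def roles_with_capability(roles: Dict[str, Dict[str, str]], cap: str = "edit_user") -> Dict[str, str]:
    """Map each role holding `cap` to 'direct' or 'via <role>', following importRoles."""
    def holds(role: str, seen: set) -> Optional[str]:
        if role in seen or role not in roles:
            return None  # cycle guard, or a role not defined in this file
        seen.add(role)
        if roles[role].get(cap, "").strip().lower() == "enabled":
            return "direct"
        for parent in re.split(r"[;,]", roles[role].get("importRoles", "")):
            parent = parent.strip()
            if parent and holds(parent, seen) is not None:
                return f"via {parent}"
        return None
    return {r: h for r in roles if (h := holds(r, set())) is not None}

def is_affected(version: str) -> bool:
    """True when a Splunk Enterprise version is below the fix for its branch."""
    v = tuple(int(p) for p in version.split(".")[:3])
    v = v + (0,) * (3 - len(v))
    if v >= FIXED_VERSIONS[0]:
        return False  # 9.0.5 and everything newer carries the fix
    return not any(v[:2] == f[:2] and v >= f for f in FIXED_VERSIONS)

if __name__ == "__main__":
    for role, how in roles_with_capability(parse_roles(SAMPLE_AUTHORIZE_CONF)).items():
        print(f"role '{role}' can edit users ({how})")
```

Point `parse_roles` at the merged output of your deployment's `authorize.conf` layers to see which roles actually hold the capability before tightening them.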