CVE-2023-32709

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100

Description A low-privileged user with the user role can access the hashed version of the initial user name and password for the Splunk instance. This is achieved by using the rest SPL command against the "conf-user-seed" REST endpoint.

Recommendations For Splunk Enterprise versions prior to 9.0.5, update to version 9.0.5 or later. For Splunk Enterprise versions prior to 8.2.11, update to version 8.2.11 or later. For Splunk Enterprise versions prior to 8.1.14, update to version 8.1.14 or later. For Splunk Cloud Platform versions prior to 9.0.2303.100, update to version 9.0.2303.100 or later. As a temporary workaround, consider restricting access to the "conf-user-seed" REST endpoint for low-privileged users until a patch is applied.