PT-2023-3015 · Splunk · Splunk Enterprise+1

Try_To_Hack · Published 2023-06-01 · Updated 2024-04-10 · CVE-2023-32707

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.0.5
Splunk Enterprise versions prior to 8.2.11
Splunk Enterprise versions prior to 8.1.14
Splunk Cloud Platform versions prior to 9.0.2303.100

Description

A low-privileged user with the edit user capability can escalate their privileges to that of the admin user by providing specially crafted web requests. The issue is related to authorization procedure weaknesses in the authorize.conf configuration file. This can allow a remote attacker to elevate their privileges.

Recommendations

For Splunk Enterprise versions prior to 9.0.5, update to version 9.0.5 or later.
For Splunk Enterprise versions prior to 8.2.11, update to version 8.2.11 or later.
For Splunk Enterprise versions prior to 8.1.14, update to version 8.1.14 or later.
For Splunk Cloud Platform versions prior to 9.0.2303.100, update to version 9.0.2303.100 or later.

As a temporary workaround, consider restricting the edit user capability to prevent privilege escalation until a patch is applied.
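
Applying the workaround requires knowing which roles hold the capability, including through inheritance. The following Python audit is an added example, not code from Splunk or from this advisory. It assumes the capability the page calls "edit user" appears in authorize.conf as `edit_user = enabled` under `[role_<name>]` stanzas and that roles inherit through `importRoles`. The sample configuration and its role names are constructed.

```python
import re

# Constructed sample authorize.conf (role names are hypothetical).
SAMPLE = """\
[role_helpdesk]
edit_user = enabled
[role_tier2]
importRoles = helpdesk
[role_auditor]
importRoles = user
edit_user = disabled
[role_admin]
importRoles = power;user
edit_user = enabled
"""

def parse_roles(conf_text):
    """Parse [role_<name>] stanzas into {name: {key: value}}."""
    roles, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        stanza = re.fullmatch(r"\[(.+)\]", line)
        if stanza:
            name = stanza.group(1)
            current = roles.setdefault(name[5:], {}) if name.startswith("role_") else None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return roles

def capability_holders(conf_text, capability="edit_user", exempt=("admin",)):
    """Map each non-exempt role holding `capability` to the role granting it.
    Assumption: an imported grant stays in effect even if the importing role
    sets the capability to `disabled` (conservative choice for an audit)."""
    roles = parse_roles(conf_text)
    def source(role, seen):
        if role in seen or role not in roles:  # import cycle or undefined role
            return None
        seen.add(role)
        if roles[role].get(capability, "").lower() == "enabled":
            return role
        parents = roles[role].get("importRoles", "").split(";")
        return next((s for p in parents if (s := source(p.strip(), seen))), None)
    found = {r: source(r, set()) for r in roles if r not in exempt}
    return {r: s for r, s in found.items() if s}

if __name__ == "__main__":
    for role, src in capability_holders(SAMPLE).items():
        print(f"{role}: edit_user granted via role '{src}'")
```

Run it over the merged configuration (for example the output of `splunk btool authorize list`) rather than a single file, because Splunk layers authorize.conf from several directories.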

Exploit

Fix

Weakness Enumeration

Improper Authorization
Missing Authorization

Related Identifiers

BDU:2023-03078
CVE-2023-32707

Affected Products

Splunk Cloud Platform
Splunk Enterprise