CVE-2023-32709: Improper Authorization in Cloud Platform

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1; latest update Jul 6

Description

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (4 packages)

CVEListV5: splunk/splunk_cloud_platform - 9.0.2303.100
NVD: splunk/splunk_cloud_platform < 9.0.2303.100
CVEListV5: splunk/splunk_enterprise 8.1 - 8.1.14 (+2)
NVD: splunk/splunk 8.1.0 - 8.1.14 (+2)

Vulnerability Details (2)

GHSA: GHSA-qgj7-qp4f-2mg6: In Splunk Enterprise versions below 9 (2023-07-06)
CVEList: Low-privileged User can View Hashed Default Splunk Password (2023-06-01)