Lucene search
PRIOn knowledge basePRION:CVE-2023-32707HistoryJun 01, 2023 - 5:15 p.m.
Code injection
2023-06-0117:15:00
PRIOn knowledge base
www.prio-n.com
23
splunk
code injection
vulnerability
privilege escalation
web requests
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
Related
nvd
nvd
CVE-2023-32707
2023-06-01 17:15:10
metasploit
metasploit
Splunk "edit_user" Capability Privilege Escalation
2023-09-13 15:19:42
cvelist
cvelist
CVE-2023-32707 ‘edit_user’ Capability Privilege Escalation
2023-06-01 16:34:30
packetstorm
packetstorm
Splunk Enterprise Account Takeover
2023-09-11 00:00:00
Splunk edit_user Capability Privilege Escalation
2023-10-27 00:00:00
cve
cve
CVE-2023-32707
2023-06-01 17:15:10
zdt
zdt
Splunk edit_user Capability Privilege Escalation Exploit
2023-10-30 00:00:00
Splunk Enterprise Account Takeover Exploit
2023-09-11 00:00:00
nessus
nessus
githubexploit
githubexploit
Exploit for Improper Authorization in Splunk
2023-11-14 04:06:08
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-10-27 18:46:55
exploitdb
exploitdb
Splunk 9.0.5 - admin account take over
2023-10-09 00:00:00