CVE-2023-32709
CVE-2023-32709 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Splunk | Splunk | >= 8.1.0, < 8.1.14 |
| Splunk | Splunk | >= 8.2.0, < 8.2.11 |
| Splunk | Splunk | >= 9.0.0, < 9.0.5 |
| Splunk | Splunk Cloud Platform | < 9.0.2303.100 |
References
- https://advisory.splunk.com/advisories/SVD-2023-0604 (Vendor Advisory)
Source: NVD / NIST
