Description
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Splunk / Splunk Cloud Platform9.0.2303.100
- Splunk / Splunk Enterprise8.1 – 8.1.14
- Splunk / Splunk Enterprise8.2 – 8.2.11
- Splunk / Splunk Enterprise9.0 – 9.0.5