CVE-2023-32713

Published: Jun 1, 2023Modified: Nov 21, 2024

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.

Affected (1)

Products: Splunk: Splunk App For Stream

1 product

Splunk App For Stream

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk App For Stream	Before 8.1.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://advisory.splunk.com/advisories/SVD-2023-0607

Source: prodsec@splunk.com

Vendor Advisory

https://advisory.splunk.com/advisories/SVD-2023-0607

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.