{"vulnerability": "CVE-2023-3270", "sightings": [{"uuid": "49f75ea7-11f5-49f3-b0e5-dca971b41254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:54.000000Z"}, {"uuid": "65f9571b-1401-47bb-8b31-d3f12b589007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "8a939650-45f9-466c-a02a-9e527109f6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "81c09a7c-35af-40cc-80ac-f63784817630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32708", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5875", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32708\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the \u2018rest\u2019 SPL command that lets them potentially access other REST endpoints in the system arbitrarily.\n\ud83d\udccf Published: 2023-06-01T16:34:27.126Z\n\ud83d\udccf Modified: 2025-02-28T11:03:58.212Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0603\n2. https://research.splunk.com/application/e615a0e1-a1b2-4196-9865-8aa646e1708c/", "creation_timestamp": "2025-02-28T11:26:10.000000Z"}, {"uuid": "bea932d0-0b75-4522-b721-f370744f4f6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32709", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/832", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32709\n\ud83d\udd39 Description: In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint.\n\ud83d\udccf Published: 2023-06-01T16:34:30.933Z\n\ud83d\udccf Modified: 2025-01-08T21:01:15.599Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0604\n2. https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/", "creation_timestamp": "2025-01-08T21:13:19.000000Z"}, {"uuid": "46c1bb21-ccce-4bc4-bb47-962330a34434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb", "content": "", "creation_timestamp": "2023-10-26T15:49:41.000000Z"}, {"uuid": "50e7c653-e439-4ebb-9b25-b07ff91523db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32707\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.\n\ud83d\udccf Published: 2023-06-01T16:34:30.607Z\n\ud83d\udccf Modified: 2025-02-28T11:03:56.837Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0602\n2. https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", "creation_timestamp": "2025-02-28T11:26:17.000000Z"}, {"uuid": "f2e03328-a681-48e7-adc9-31917b9c4d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/922", "content": "\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u0650 \u0645\u062d\u0635\u0648\u0644 \u0645\u062d\u0628\u0648\u0628 \u0627\u0633\u067e\u0644\u0627\u0646\u06a9 (Splunk Enterprise) \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 CVE-2023-32707\u060c \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u062a\u0635\u0627\u062d\u0628 \u0627\u06a9\u0627\u0646\u062a \u0627\u062f\u0645\u06cc\u0646 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0633\u0627\u0632\u062f.\n\n\u0627\u06cc\u0646 \u06a9\u062f \u06a9\u0647 \u0628\u0647 \u0632\u0628\u0627\u0646 \u067e\u0627\u06cc\u062a\u0648\u0646 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627 \u0628\u0631 \u0631\u0648\u06cc \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0632\u06cc\u0631 \u0631\u0627 \u062f\u0627\u0631\u062f \u0648 \u0627\u0632 \u0627\u06cc\u0646 \u0631\u0648 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u062d\u062a\u0645\u0627 \u0633\u0627\u0645\u0627\u0646\u0647 \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0628\u0647\u200c\u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0645\u0627\u0626\u06cc\u062f.\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631:\n&gt; 8.1.0 to 8.1.13\n&gt; 8.2.0 to 8.2.10\n&gt; 9.0.0 to 9.0.4\n\n\u0644\u06cc\u0646\u06a9 \u062f\u0627\u0646\u0644\u0648\u062f: https://www.exploit-db.com/exploits/51747", "creation_timestamp": "2023-12-21T14:40:28.000000Z"}, {"uuid": "0a4a3464-c927-468d-8326-1312aee4f023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/arpsyndicate/178", "content": "#ExploitObserverAlert\n\nCVE-2023-32707\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32707. In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.\n\nFIRST-EPSS: 0.745070000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T02:18:11.000000Z"}, {"uuid": "563a71d2-d4c9-4db8-8acb-6d5ab542a801", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32700", "type": "seen", "source": "Telegram/g2xjaFir47riLEIt8aj_VNjy4RPUptu_MaW9_Sm8naEn_PJ6", "content": "", "creation_timestamp": "2025-02-01T17:28:10.000000Z"}, {"uuid": "0111364b-0b79-4c68-92f6-6712c1481134", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3270", "type": "seen", "source": "https://t.me/cibsecurity/66288", "content": "\u203c CVE-2023-3270 \u203c\n\nExposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-10T20:30:15.000000Z"}, {"uuid": "8e576d71-8b75-487f-b994-6720c4625eb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32706", "type": "seen", "source": "https://t.me/true_secator/4461", "content": "Splunk \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u043c.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-32707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 edit_user \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e edit_user \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 grantableRoles \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 authorize.conf, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2023-32706 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 DoS \u0432 \u0434\u0435\u043c\u043e\u043d\u0435 Splunk \u0438 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442, \u043a\u043e\u0433\u0434\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440 XML \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 Splunk Enterprise, \u2014 \u044d\u0442\u043e CVE-2023-32708, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043e\u0442\u0432\u0435\u0442\u043e\u0432 HTTP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c REST \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0435\u043d\u0442.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Libxml2, OpenSSL, Curl, Libarchive, SQLite, Go \u0438 \u043c\u043d\u043e\u0433\u0438\u0445 \u0434\u0440\u0443\u0433\u0438\u0445.\u00a0\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043b\u0435\u0442.\n\n\u0412\u0441\u0435 \u044d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Splunk Enterprise 8.1.14, 8.2.11 \u0438 9.0.5.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Splunk \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432 Splunk Universal Forwarders \u0438 Splunk Cloud.", "creation_timestamp": "2023-06-05T13:15:52.000000Z"}, {"uuid": "705bf2fc-d0cb-4ddf-99e8-51a897678ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/true_secator/4461", "content": "Splunk \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u043c.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-32707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 edit_user \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e edit_user \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 grantableRoles \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 authorize.conf, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2023-32706 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 DoS \u0432 \u0434\u0435\u043c\u043e\u043d\u0435 Splunk \u0438 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442, \u043a\u043e\u0433\u0434\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440 XML \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 Splunk Enterprise, \u2014 \u044d\u0442\u043e CVE-2023-32708, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043e\u0442\u0432\u0435\u0442\u043e\u0432 HTTP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c REST \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0435\u043d\u0442.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Libxml2, OpenSSL, Curl, Libarchive, SQLite, Go \u0438 \u043c\u043d\u043e\u0433\u0438\u0445 \u0434\u0440\u0443\u0433\u0438\u0445.\u00a0\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043b\u0435\u0442.\n\n\u0412\u0441\u0435 \u044d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Splunk Enterprise 8.1.14, 8.2.11 \u0438 9.0.5.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Splunk \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432 Splunk Universal Forwarders \u0438 Splunk Cloud.", "creation_timestamp": "2023-06-05T13:15:52.000000Z"}, {"uuid": "bd083ed2-16ef-4221-9cbd-8e6ef45883ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32708", "type": "seen", "source": "https://t.me/true_secator/4461", "content": "Splunk \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u043c.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-32707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 edit_user \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e edit_user \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 grantableRoles \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 authorize.conf, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2023-32706 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 DoS \u0432 \u0434\u0435\u043c\u043e\u043d\u0435 Splunk \u0438 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442, \u043a\u043e\u0433\u0434\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440 XML \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 Splunk Enterprise, \u2014 \u044d\u0442\u043e CVE-2023-32708, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043e\u0442\u0432\u0435\u0442\u043e\u0432 HTTP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c REST \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0435\u043d\u0442.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Libxml2, OpenSSL, Curl, Libarchive, SQLite, Go \u0438 \u043c\u043d\u043e\u0433\u0438\u0445 \u0434\u0440\u0443\u0433\u0438\u0445.\u00a0\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043b\u0435\u0442.\n\n\u0412\u0441\u0435 \u044d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Splunk Enterprise 8.1.14, 8.2.11 \u0438 9.0.5.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Splunk \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432 Splunk Universal Forwarders \u0438 Splunk Cloud.", "creation_timestamp": "2023-06-05T13:15:52.000000Z"}, {"uuid": "f4569730-6522-4235-8962-9df3fc8994fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9287", "content": "#exploit\n1. CVE-2023-32707:\nSplunk edit_user Capability Privilege Escalation\nhttps://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html\n\n2. Exploit for Maltrail web service v0.53 - \nUnauth OS Command Injection (RCE)\nhttps://github.com/spookier/Maltrail-v0.53-Exploit\n\n3. CVE-2023-46517:\nXAMPP 3.3.0 Buffer Overflow Exploit\nhttps://github.com/ripp3rdoc/XAMPPv3.3.0-BOF", "creation_timestamp": "2023-10-31T00:10:29.000000Z"}, {"uuid": "8cbc18bd-a655-4d60-891e-15c193ff00a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32700", "type": "seen", "source": "https://t.me/cibsecurity/64490", "content": "\u203c CVE-2023-32700 \u203c\n\nLuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-20T22:24:07.000000Z"}, {"uuid": "92aa0c37-312a-47f0-87d3-c785919d2775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1585", "content": "#exploit\n1. CVE-2023-32707:\nSplunk edit_user Capability Privilege Escalation\nhttps://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html\n\n2. Exploit for Maltrail web service v0.53 - \nUnauthenticated OS Command Injection (RCE)\nhttps://github.com/spookier/Maltrail-v0.53-Exploit\n\n3. CVE-2023-46517:\nXAMPP 3.3.0 Buffer Overflow Exploit\nhttps://github.com/ripp3rdoc/XAMPPv3.3.0-BOF", "creation_timestamp": "2024-08-16T08:43:26.000000Z"}]}