{"vulnerability": "CVE-2023-32707", "sightings": [{"uuid": "65f9571b-1401-47bb-8b31-d3f12b589007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "8a939650-45f9-466c-a02a-9e527109f6b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:01.000000Z"}, {"uuid": "49f75ea7-11f5-49f3-b0e5-dca971b41254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:54.000000Z"}, {"uuid": "46c1bb21-ccce-4bc4-bb47-962330a34434", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb", "content": "", "creation_timestamp": "2023-10-26T15:49:41.000000Z"}, {"uuid": "50e7c653-e439-4ebb-9b25-b07ff91523db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5880", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32707\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.\n\ud83d\udccf Published: 2023-06-01T16:34:30.607Z\n\ud83d\udccf Modified: 2025-02-28T11:03:56.837Z\n\ud83d\udd17 References:\n1. https://advisory.splunk.com/advisories/SVD-2023-0602\n2. https://research.splunk.com/application/39e1c326-67d7-4c0d-8584-8056354f6593/", "creation_timestamp": "2025-02-28T11:26:17.000000Z"}, {"uuid": "0a4a3464-c927-468d-8326-1312aee4f023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/arpsyndicate/178", "content": "#ExploitObserverAlert\n\nCVE-2023-32707\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-32707. In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.\n\nFIRST-EPSS: 0.745070000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-11-17T02:18:11.000000Z"}, {"uuid": "f2e03328-a681-48e7-adc9-31917b9c4d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/922", "content": "\u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc\u0650 \u0645\u062d\u0635\u0648\u0644 \u0645\u062d\u0628\u0648\u0628 \u0627\u0633\u067e\u0644\u0627\u0646\u06a9 (Splunk Enterprise) \u0645\u0628\u062a\u0646\u06cc \u0628\u0631 CVE-2023-32707\u060c \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u062a\u0635\u0627\u062d\u0628 \u0627\u06a9\u0627\u0646\u062a \u0627\u062f\u0645\u06cc\u0646 \u0631\u0627 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0641\u0631\u0627\u0647\u0645 \u0645\u06cc\u200c\u0633\u0627\u0632\u062f.\n\n\u0627\u06cc\u0646 \u06a9\u062f \u06a9\u0647 \u0628\u0647 \u0632\u0628\u0627\u0646 \u067e\u0627\u06cc\u062a\u0648\u0646 \u0646\u0648\u0634\u062a\u0647 \u0634\u062f\u0647 \u0627\u0633\u062a\u060c \u0627\u0645\u06a9\u0627\u0646 \u0627\u062c\u0631\u0627 \u0628\u0631 \u0631\u0648\u06cc \u0646\u0633\u062e\u0647 \u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0632\u06cc\u0631 \u0631\u0627 \u062f\u0627\u0631\u062f \u0648 \u0627\u0632 \u0627\u06cc\u0646 \u0631\u0648 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc \u0634\u0648\u062f \u062d\u062a\u0645\u0627 \u0633\u0627\u0645\u0627\u0646\u0647 \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u0622\u062e\u0631\u06cc\u0646 \u0646\u0633\u062e\u0647 \u0628\u0647\u200c\u0631\u0648\u0632 \u0631\u0633\u0627\u0646\u06cc \u0646\u0645\u0627\u0626\u06cc\u062f.\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631:\n> 8.1.0 to 8.1.13\n> 8.2.0 to 8.2.10\n> 9.0.0 to 9.0.4\n\n\u0644\u06cc\u0646\u06a9 \u062f\u0627\u0646\u0644\u0648\u062f: https://www.exploit-db.com/exploits/51747", "creation_timestamp": "2023-12-21T14:40:28.000000Z"}, {"uuid": "705bf2fc-d0cb-4ddf-99e8-51a897678ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "seen", "source": "https://t.me/true_secator/4461", "content": "Splunk \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u043c.\n\n\u041d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-32707, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 edit_user \u043f\u043e\u0432\u044b\u0448\u0430\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u0437\u0430\u043f\u0440\u043e\u0441\u0430.\n\n\u0414\u0435\u043b\u043e \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e edit_user \u043d\u0435 \u0443\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 grantableRoles \u0432 \u0444\u0430\u0439\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 authorize.conf, \u0447\u0442\u043e \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0430\u0435\u0442 \u0432\u043e\u0437\u043d\u0438\u043a\u043d\u043e\u0432\u0435\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0441\u0446\u0435\u043d\u0430\u0440\u0438\u044f.\n\n\u0414\u0440\u0443\u0433\u0430\u044f CVE-2023-32706 \u0432\u044b\u0437\u044b\u0432\u0430\u0435\u0442 DoS \u0432 \u0434\u0435\u043c\u043e\u043d\u0435 Splunk \u0438 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442, \u043a\u043e\u0433\u0434\u0430 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440 XML \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 SAML.\n\n\u0415\u0449\u0435 \u043e\u0434\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 Splunk Enterprise, \u2014 \u044d\u0442\u043e CVE-2023-32708, \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441 \u0440\u0430\u0437\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043e\u0442\u0432\u0435\u0442\u043e\u0432 HTTP, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0441 \u043d\u0438\u0437\u043a\u0438\u043c \u0443\u0440\u043e\u0432\u043d\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0440\u0443\u0433\u0438\u043c \u043a\u043e\u043d\u0435\u0447\u043d\u044b\u043c \u0442\u043e\u0447\u043a\u0430\u043c REST \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438 \u043f\u0440\u043e\u0441\u043c\u0430\u0442\u0440\u0438\u0432\u0430\u0442\u044c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0435\u043d\u0442.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0442\u0430\u043a\u0436\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 Splunk Enterprise, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Libxml2, OpenSSL, Curl, Libarchive, SQLite, Go \u0438 \u043c\u043d\u043e\u0433\u0438\u0445 \u0434\u0440\u0443\u0433\u0438\u0445.\u00a0\u041d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0431\u043e\u043b\u0435\u0435 \u0447\u0435\u0442\u044b\u0440\u0435\u0445 \u043b\u0435\u0442.\n\n\u0412\u0441\u0435 \u044d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438 \u043c\u0435\u043d\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u0432\u0435\u0440\u0441\u0438\u0439 Splunk Enterprise 8.1.14, 8.2.11 \u0438 9.0.5.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Splunk \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043e\u0448\u0438\u0431\u043e\u043a \u0432 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f \u0440\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u043f\u043e\u0442\u043e\u043a\u043e\u0432\u043e\u0439 \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0441\u0442\u043e\u0440\u043e\u043d\u043d\u0438\u0445 \u043f\u0430\u043a\u0435\u0442\u0430\u0445, \u0438\u043d\u0442\u0435\u0433\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0432 Splunk Universal Forwarders \u0438 Splunk Cloud.", "creation_timestamp": "2023-06-05T13:15:52.000000Z"}, {"uuid": "f4569730-6522-4235-8962-9df3fc8994fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9287", "content": "#exploit\n1. CVE-2023-32707:\nSplunk edit_user Capability Privilege Escalation\nhttps://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html\n\n2. Exploit for Maltrail web service v0.53 - \nUnauth OS Command Injection (RCE)\nhttps://github.com/spookier/Maltrail-v0.53-Exploit\n\n3. CVE-2023-46517:\nXAMPP 3.3.0 Buffer Overflow Exploit\nhttps://github.com/ripp3rdoc/XAMPPv3.3.0-BOF", "creation_timestamp": "2023-10-31T00:10:29.000000Z"}, {"uuid": "92aa0c37-312a-47f0-87d3-c785919d2775", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32707", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1585", "content": "#exploit\n1. CVE-2023-32707:\nSplunk edit_user Capability Privilege Escalation\nhttps://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html\n\n2. Exploit for Maltrail web service v0.53 - \nUnauthenticated OS Command Injection (RCE)\nhttps://github.com/spookier/Maltrail-v0.53-Exploit\n\n3. CVE-2023-46517:\nXAMPP 3.3.0 Buffer Overflow Exploit\nhttps://github.com/ripp3rdoc/XAMPPv3.3.0-BOF", "creation_timestamp": "2024-08-16T08:43:26.000000Z"}]}