Wednesday, April 23, 2025
HomeCyber Security NewsSplunk Flaw Let Attackers Escalate Privilege Using crafted web Request

Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request

Published on

SIEM as a Service

Follow Us on Google News

Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide.

Splunk can collect logs of all the configured events that can be used later to investigate security incidents.

Based on recent reports, Splunk was vulnerable to a Privilege escalation vulnerability which was discovered and reported.

- Advertisement - Google News

The company has immediately patched this vulnerability on all Splunk versions.

CVE-2023-32707: ‘edit_user’ Capability Privilege Escalation

Any users with low privileges and has ‘edit_user’ capability can escalate their privileges to an admin user by sending a specially crafted web request to Splunk.

This was because of the fact that ‘edit_user’ does not connect with the ‘grantableRole’ setting in the authorize.conf configuration file, which could prevent this privilege escalation vulnerability.

Affected Products and Fix:

The Table below shows the products that were affected and the fixed version.

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1Splunk Web8.1.0 to 8.1.138.1.14
Splunk Enterprise8.2Splunk Web8.2.0 to 8.2.108.2.11
Splunk Enterprise9Splunk Web9.0.0 to 9.0.49.0.5
Splunk Cloud PlatformSplunk Web9.0.2303 and below9.0.2303.100

Mitigations and Workarounds:

  • Other than admins, no other users must have the ‘edit_user’ capability.
  • Do not provide an ‘edit_user’ role through which other roles will be inherited.
  • Do not assign the ‘edit_user’ capability to users with low or no privileges.

All Splunk users are recommended to upgrade their Splunk versions to the latest versions.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Exploit NFC Technology to Steal Money from ATMs and POS Terminals

In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field...

Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads

In a concerning trend for cybersecurity, multiple threat actors, including ransomware groups and state-sponsored...

Ransomware Actors Ramp Up Attacks Organizations with Emerging Extortion Trends

Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with...

New SMS Phishing Attack Weaponizes Google AMP Links to Evade Detection

Group-IB’s High-Tech Crime Trends Report 2025 reveals a sharp 22% surge in phishing websites,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Exploit NFC Technology to Steal Money from ATMs and POS Terminals

In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field...

Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads

In a concerning trend for cybersecurity, multiple threat actors, including ransomware groups and state-sponsored...

Ransomware Actors Ramp Up Attacks Organizations with Emerging Extortion Trends

Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with...