In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
References
Link | Resource |
---|---|
https://advisory.splunk.com/advisories/SVD-2023-0607 | Vendor Advisory |
Configurations
History
07 Jun 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:splunk_app_for_stream:*:*:*:*:*:*:*:* | |
First Time |
Splunk splunk App For Stream
Splunk |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.9 |
CWE | CWE-269 | |
References | (MISC) https://advisory.splunk.com/advisories/SVD-2023-0607 - Vendor Advisory |
01 Jun 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-01 17:15
Updated : 2024-04-10 01:15
NVD link : CVE-2023-32713
Mitre link : CVE-2023-32713
CVE.ORG link : CVE-2023-32713
JSON object : View
Products Affected
splunk
- splunk_app_for_stream
CWE
CWE-269
Improper Privilege Management