CVE-2023-32709: Low-privileged User can View Hashed Default Splunk Password

4.3 CVSS

Description

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

Classification

CVE ID: CVE-2023-32709

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 33.1% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-0604
https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

Timeline

2024-12-11 00:30:48 UTC
CVE

Low-privileged User can View Hashed Default Splunk Password