Unrated severityNVD Advisory· Published Jun 1, 2023· Updated Mar 11, 2025
‘edit_user’ Capability Privilege Escalation
CVE-2023-32707
Description
In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<9.0.2303.100+ 1 more
- (no CPE)range: <9.0.2303.100
- (no CPE)range: -
<9.0.5, <8.2.11, <8.1.14+ 1 more
- (no CPE)range: <9.0.5, <8.2.11, <8.1.14
- (no CPE)range: 8.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.