Unrated severityNVD Advisory· Published Jun 1, 2023· Updated Feb 28, 2025
Low-privileged User can View Hashed Default Splunk Password
CVE-2023-32709
Description
In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<9.0.2303.100+ 1 more
- (no CPE)range: <9.0.2303.100
- (no CPE)range: -
<9.0.5, <8.2.11, <8.1.14+ 1 more
- (no CPE)range: <9.0.5, <8.2.11, <8.1.14
- (no CPE)range: 8.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.