github - ghsa-qgj7-qp4f-2mg6

ghsa-qgj7-qp4f-2mg6

Vulnerability from github

Published

2023-07-06 21:15

Modified

2024-04-04 05:48

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-32709"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-01T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint.",
  "id": "GHSA-qgj7-qp4f-2mg6",
  "modified": "2024-04-04T05:48:25Z",
  "published": "2023-07-06T21:15:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32709"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0604"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2023-32709

Vulnerability from cvelistv5

Published

2023-06-01 16:34

Modified

2024-10-30 15:06

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Low-privileged User can View Hashed Default Splunk Password

References

▼	URL	Tags
	https://advisory.splunk.com/advisories/SVD-2023-0604
	https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

Impacted products

▼	Vendor	Product
	Splunk	Splunk Enterprise
	Splunk	Splunk Cloud Platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:37.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2023-0604"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "8.1.14",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.11",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.5",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud Platform",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.0.2303.100",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Anton (therceman)"
        }
      ],
      "datePublic": "2023-06-01T00:00:00.000000",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."
            }
          ],
          "value": "In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the \u2018user\u2019 role can see the hashed version of the initial user name and password for the Splunk instance by using the \u2018rest\u2019 SPL command against the \u2018conf-user-seed\u2019 REST endpoint."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-30T15:06:35.933Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2023-0604"
        },
        {
          "url": "https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/"
        }
      ],
      "source": {
        "advisory": "SVD-2023-0604"
      },
      "title": "Low-privileged User can View Hashed Default Splunk Password"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2023-32709",
    "datePublished": "2023-06-01T16:34:30.933Z",
    "dateReserved": "2023-05-11T20:55:59.871Z",
    "dateUpdated": "2024-10-30T15:06:35.933Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted