CVE-2023-32709

MEDIUM

Splunk < 9.0.5, 8.2.11, 8.1.14 & Splunk Cloud < 9.0.2303.100 - Unauthorized Access to Hashed Credentials

Title source: llm

Description

In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.

References (2)

Core 2

Core References

Vendor Advisory

https://advisory.splunk.com/advisories/SVD-2023-0604

Vendor Advisory

https://research.splunk.com/application/a1be424d-e59c-4583-b6f9-2dcc23be4875/

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 37.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-285

Status published

Products (2)

splunk/splunk 8.1.0 - 8.1.14

splunk/splunk_cloud_platform < 9.0.2303.100

Published Jun 01, 2023

Tracked Since Feb 18, 2026