CVE-2023-32713
HIGHSplunk App for Stream < 8.1.1 - Privilege Escalation via streamfwd Process
Title source: llmDescription
In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.
References (1)
Core 1
Core References
Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2023-0607
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-269
Status
published
Products (1)
splunk/splunk_app_for_stream
< 8.1.1
Published
Jun 01, 2023
Tracked Since
Feb 18, 2026