all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Splunk edit_user Capability Privilege Escalation

Add to bookmarks
Oct. 27, 2023, 1:18 p.m. |

Packet Storm packetstormsecurity.com

Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app …

admin authorize .conf configuration escalation file issue low privilege privileged privileged user privilege escalation privileges request role splunk web

Visit resource

More from packetstormsecurity.com / Packet Storm

LockBit Takes Credit For City Of Wichita Ransomware Attack 58 minutes ago | packetstormsecurity.com
attack city city of wichita credit +6
UK Armed Forces' Personal Data Hacked In MoD Breach 58 minutes ago | packetstormsecurity.com
breach britain cyberwar data +7
TunnelVision DHCP Flaw Lets Attackers Bypass VPNs, Redirect Traffic 58 minutes ago | packetstormsecurity.com
attackers bypass dhcp flaw +5
Zscaler Investigates Hacking Claims After Data Offered For Sale 58 minutes ago | packetstormsecurity.com
claims data flaw hacker +3
Critical Vulnerabilities In BIG-IP Appliances Leave Big Networks Open To Intrusion 58 minutes ago | packetstormsecurity.com
big big-ip critical critical vulnerabilities +5
One Year On, Universities Org Admits MOVEit Attack Hit Data Of 800k People 58 minutes ago | packetstormsecurity.com
attack data data loss flaw +5
AIDE 0.18.7 3 days, 1 hour ago | packetstormsecurity.com
advanced aide algorithms can +17
Systemd Insecure PTY Handling 3 days, 2 hours ago | packetstormsecurity.com
changing handling high insecure +5
Microsoft PlayReady Toolkit 3 days, 2 hours ago | packetstormsecurity.com
access acquisition client code +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Engineer

@ SNC-Lavalin | GB.Bristol.The Hub
View on infosec-jobs.com

Application Security Engineer

@ Virtru | Remote
View on infosec-jobs.com

SC2024-003563 Firewall Coordinator (NS) - TUE 21 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Senior Application Security Engineer

@ Fortis Games | Remote - Canada
View on infosec-jobs.com

DevSecOps Manager

@ Philips | Bengaluru – Embassy Business Hub
View on infosec-jobs.com

Information System Security Manager (ISSM)

@ ARA | Raleigh, North Carolina, United States
View on infosec-jobs.com
View more jobs