Home / exploitsPDF  

Splunk Enterprise Account Takeover

Posted on 11 September 2023

Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edit_user capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests.

 

TOP