{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32713", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-05-11T20:55:59.872Z", "datePublished": "2023-06-01T16:34:30.265Z", "dateUpdated": "2025-01-15T17:05:44.940Z"}, "containers": {"cna": {"affected": [{"product": "Splunk App for Stream", "vendor": "Splunk", "versions": [{"version": "8.1", "status": "affected", "versionType": "custom", "lessThan": "8.1.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user."}], "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0607"}], "title": "Local Privilege Escalation via the \u2018streamfwd\u2019 program in Splunk App for Stream", "datePublic": "2023-06-01T00:00:00.000000", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.", "cweId": "CWE-269"}]}], "source": {"advisory": "SVD-2023-0607"}, "credits": [{"lang": "en", "value": "Ben Leonard-Lagarde & Lucas Fedyniak-Hopes (Modux)"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-01-15T17:05:44.940Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T19:36:14.426767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk_app_for_stream:8.1:*:*:*:*:*:*:*"], "vendor": "splunk", "product": "splunk_app_for_stream", "versions": [{"status": "affected", "version": "8.1", "lessThan": "8.1.1", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:10.971Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.041Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0607", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0607", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:37.041Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32713", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-20T19:36:14.426767Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:splunk:splunk_app_for_stream:8.1:*:*:*:*:*:*:*"], "vendor": "splunk", "product": "splunk_app_for_stream", "versions": [{"status": "affected", "version": "8.1", "lessThan": "8.1.1", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-20T19:39:41.664Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Local Privilege Escalation via the \u2018streamfwd\u2019 program in Splunk App for Stream", "source": {"advisory": "SVD-2023-0607"}, "credits": [{"lang": "en", "value": "Ben Leonard-Lagarde & Lucas Fedyniak-Hopes (Modux)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk App for Stream", "versions": [{"status": "affected", "version": "8.1", "lessThan": "8.1.1", "versionType": "custom"}]}], "datePublic": "2023-06-01T00:00:00.000000", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0607"}], "descriptions": [{"lang": "en", "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.", "supportingMedia": [{"type": "text/html", "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-269", "description": "The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-01-15T17:05:44.940Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32713", "state": "PUBLISHED", "dateUpdated": "2025-01-15T17:05:44.940Z", "dateReserved": "2023-05-11T20:55:59.872Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2023-06-01T16:34:30.265Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk_app_for_stream:*:*:*:*:*:*:*:*", "matchCriteriaId": "1935738E-D4ED-4D2E-B984-FACD89EEAF7F", "versionEndExcluding": "8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user."}], "id": "CVE-2023-32713", "lastModified": "2024-11-21T08:03:54.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 6.0, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-01T17:15:10.453", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2023-0607"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}