On Thursday, Splunk released security patches for Splunk Enterprise that fix a number of serious flaws, some of which affect third-party packages the product uses. The most severe is CVE-2023-32707, a vulnerability that lets low-privileged users who hold the ‘edit_user’ capability escalate to administrator rights by sending a specially crafted web request.
According to a Splunk advisory, this is because the ‘edit_user’ capability does not respect the ‘grantableRoles’ value in the authorize.conf configuration file, a setting that is meant to prevent this scenario.
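To gauge exposure while patching, the following added example (not from Splunk or the original article) reads an authorize.conf and lists every non-admin role that holds ‘edit_user’, directly or through role inheritance, together with the ‘grantableRoles’ value it sets. The sample configuration is constructed; the role names, the `importRoles` inheritance handling and the semicolon-separated list format are assumptions about a typical file.

```python
import configparser

# Constructed sample authorize.conf (illustrative, not from a real deployment).
SAMPLE_CONF = """
[role_admin]
edit_user = enabled
grantableRoles = admin;power;user

[role_user]
search = enabled

[role_helpdesk]
importRoles = user
edit_user = enabled
grantableRoles = user

[role_helpdesk_lead]
importRoles = helpdesk
"""

def split_list(value):
    """Split a semicolon-separated setting into clean names (assumed format)."""
    return [v.strip() for v in value.split(";") if v.strip()]

def load_roles(text):
    """Return {role_name: settings} for every [role_<name>] stanza."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case, e.g. grantableRoles
    parser.read_string(text)
    return {s[len("role_"):]: dict(parser[s])
            for s in parser.sections() if s.startswith("role_")}

def has_edit_user(role, roles, seen=None):
    """True if the role enables edit_user itself or imports a role that does."""
    seen = seen if seen is not None else set()
    if role in seen or role not in roles:
        return False  # unknown role or import cycle
    seen.add(role)
    conf = roles[role]
    if conf.get("edit_user", "").strip().lower() == "enabled":
        return True
    return any(has_edit_user(p, roles, seen)
               for p in split_list(conf.get("importRoles", "")))

def audit(text, admin_role="admin"):
    """List (role, grantableRoles) for non-admin roles that can edit users."""
    roles = load_roles(text)
    return [(name, split_list(roles[name].get("grantableRoles", "")))
            for name in sorted(roles)
            if name != admin_role and has_edit_user(name, roles)]

if __name__ == "__main__":
    for role, grantable in audit(SAMPLE_CONF):
        print(f"{role}: edit_user held, grantableRoles={grantable or 'unset'}")
```

Each role reported is one whose ‘grantableRoles’ restriction cannot be relied on until the patch is applied, so its members are candidates for review.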