module
Splunk "edit_user" Capability Privilege Escalation
| Disclosed | Created |
|---|---|
| 2023-06-01 | 2023-10-26 |
Disclosed
2023-06-01
Created
2023-10-26
Description
A low-privileged user who holds a role that has the "edit_user" capability assigned to it
can escalate their privileges to that of the admin user by providing a specially crafted web request.
This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.conf
configuration file, which prevents this scenario from happening.
This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving RCE.
can escalate their privileges to that of the admin user by providing a specially crafted web request.
This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.conf
configuration file, which prevents this scenario from happening.
This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving RCE.
Authors
Mr Hack (try_to_hack) Santiago Lopez
Heyder Andrade
Redway Security redwaysecurity.com
Heyder Andrade
Redway Security redwaysecurity.com
Platform
Linux,OSX,Unix,Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.