module
Splunk "edit_user" Capability Privilege Escalation
| Disclosed |
|---|
| Jun 1, 2023 |
Disclosed
Jun 1, 2023
Description
A low-privileged user who holds a role that has the "edit_user" capability assigned to it
can escalate their privileges to that of the admin user by providing a specially crafted web request.
This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.conf
configuration file, which prevents this scenario from happening.
This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving RCE.
can escalate their privileges to that of the admin user by providing a specially crafted web request.
This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.conf
configuration file, which prevents this scenario from happening.
This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving RCE.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.