
Warning: Multiple Vulnerabilities in Splunk Products

Reference: Advisory #2023-66
Version: 1.0
Affected software:
Splunk Enterprise <9.0.5, <8.2.11 and <8.1.14
Splunk Cloud Platform <9.0.2303.100
Splunk App for Lookup File Editing versions <4.0.1
Splunk App for Stream versions <8.1.1
Type: Multiple vulnerability types
CVE/CVSS:

CVE-2023-32706 (7.7 High)
CVE-2023-32707 (8.8 High)
CVE-2023-32708 (7.2 High)
CVE-2023-32709 (4.3 Medium)
CVE-2023-32710 (4.8 Medium)
CVE-2023-32711 (5.4 Medium)
CVE-2023-32712 (3.4 Low)
CVE-2023-32713 (7.8 High)
CVE-2023-32714 (8.1 High)
CVE-2023-32715 (4.7 Medium)
CVE-2023-32716 (6.5 Medium)

Sources

https://advisory.splunk.com/
https://nvd.nist.gov/vuln/detail/CVE-2023-32707
https://nvd.nist.gov/vuln/detail/CVE-2023-32714
https://nvd.nist.gov/vuln/detail/CVE-2023-32713
https://nvd.nist.gov/vuln/detail/CVE-2023-32706
https://nvd.nist.gov/vuln/detail/CVE-2023-32708

Risks

Splunk patched 12 vulnerabilities in its software products. The following 5 vulnerabilities carry a High severity score:

  • CVE-2023-32707: ‘edit_user’ Capability Privilege Escalation 
    (CWE-285: Improper Authorization)
  • CVE-2023-32714: Path Traversal in Splunk App for Lookup File Editing
    (CWE-35: Path Traversal: '.../...//')
  • CVE-2023-32713: Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream
    (CWE-269: Improper Privilege Management)
  • CVE-2023-32706: Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
    (CWE-611: Improper Restriction of XML External Entity Reference)
  • CVE-2023-32708: HTTP Response Splitting via the ‘rest’ SPL Command
    (CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'))

Description

A more detailed summary of the high-severity CVEs follows:

CVE-2023-32707: ‘edit_user’ Capability Privilege Escalation
A low-privileged user who holds a role with the ‘edit_user’ capability can escalate their privileges to those of the admin user by sending a specially crafted web request. The cause is that the ‘edit_user’ capability does not honor the ‘grantableRoles’ setting in the authorize.conf configuration file, the setting that is meant to prevent exactly this scenario.

CVSS 3.1: 8.8

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products:

  • Splunk Enterprise <9.0.5, <8.2.11 and <8.1.14
  • Splunk Cloud Platform <9.0.2303.100


CVE-2023-32714: Path Traversal in Splunk App for Lookup File Editing
A low-privileged user with access to the Splunk App for Lookup File Editing can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.

CVSS 3.1: 8.1

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products:

  • Splunk App for Lookup File Editing versions <4.0.1
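The CWE the advisory cites (CWE-35, '.../...//') is the pattern that defeats a sanitizer which strips '../' in a single pass: the leftovers re-form a '../'. The following added example (not CERT.be's or Splunk's code; the lookup directory path and the file names are constructed) contrasts that filter-then-join approach with a containment check that normalises the joined path and refuses anything resolving outside the base directory:

```python
import posixpath
from pathlib import PurePosixPath

# Constructed lookup directory used as the containment boundary; the real
# Splunk app layout is not reproduced here (assumption).
LOOKUP_DIR = PurePosixPath("/opt/splunk/etc/apps/example_app/lookups")

def naive_sanitize(user_path: str) -> str:
    """Single-pass removal of '../': the filter CWE-35 ('.../...//') defeats,
    because the leftovers re-form a '../' once the pass is over."""
    return user_path.replace("../", "")

def naive_resolve(base: PurePosixPath, user_path: str) -> PurePosixPath:
    """What a filter-then-join implementation would actually open."""
    return PurePosixPath(posixpath.normpath(str(base / naive_sanitize(user_path))))

def is_contained(base: PurePosixPath, candidate: PurePosixPath) -> bool:
    """True when candidate is base itself or lies below it."""
    try:
        candidate.relative_to(base)
        return True
    except ValueError:
        return False

def safe_resolve(base: PurePosixPath, user_path: str) -> PurePosixPath:
    """Hardened form: do not rewrite the input; normalise the joined path and
    refuse anything absolute, NUL-containing, or resolving outside base."""
    if "\x00" in user_path or user_path.startswith("/"):
        raise ValueError("absolute path or NUL byte rejected")
    candidate = PurePosixPath(posixpath.normpath(str(base / user_path)))
    if not is_contained(base, candidate):
        raise ValueError(f"path escapes lookup directory: {user_path!r}")
    return candidate

def accepted(base: PurePosixPath, user_path: str) -> bool:
    """Convenience wrapper: does the hardened check accept user_path?"""
    try:
        safe_resolve(base, user_path)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for p in ["lookups.csv", "../../target.conf", ".../...//target.conf"]:
        opened = naive_resolve(LOOKUP_DIR, p)
        print(f"{p!r:28} naive opens {opened} (contained={is_contained(LOOKUP_DIR, opened)})")
        print(f"{'':28} hardened accepts: {accepted(LOOKUP_DIR, p)}")
```

Note that the naive filter happens to neutralise the plain '../../' case and fails only on the '.../...//' form, which is why such filters survive casual testing.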


CVE-2023-32713: Local Privilege Escalation via the ‘streamfwd’ program in Splunk App for Stream
A low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.

CVSS 3.1: 8.1

CVSSv3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products:

  • Splunk App for Stream versions <8.1.1


CVE-2023-32706: Denial Of Service due to Untrusted XML Tag in XML Parser within SAML Authentication
An unauthenticated attacker can send specially crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon. This happens when an incorrectly configured XML parser receives XML input that contains a reference to an entity expansion. Many recursive references to entity expansions can cause the XML parser to use all available memory on the machine, causing the Splunk daemon to crash or be terminated by the operating system.

CVSS 3.1: 7.7

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected products:

  • Splunk Enterprise <9.0.5, <8.2.11 and <8.1.14
  • Splunk Cloud Platform <9.0.2303.100
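A SAML message never legitimately carries a DTD, so the simplest parser-side mitigation for the entity-expansion problem described above is to abort on the first DOCTYPE or entity declaration, before any expansion is built. The following added example (not CERT.be's or Splunk's code; the two input documents are constructed) does that with Python's expat bindings:

```python
import xml.parsers.expat as expat

# Constructed samples: a minimal SAML-shaped response and a document that
# declares nested entities, the input class this advisory entry is about.
BENIGN_SAML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>'
    b'</samlp:Response>'
)
ENTITY_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [ <!ENTITY a "aaaa"> <!ENTITY b "&a;&a;&a;&a;"> ]>'
    b'<r>&b;</r>'
)

class DtdRejected(ValueError):
    """Raised the moment a DOCTYPE or entity declaration is encountered."""

def parse_without_dtd(data: bytes) -> list:
    """Parse with expat but abort on any DOCTYPE or entity declaration, so a
    recursive expansion is never even constructed. Returns the element names
    seen, in document order (namespace prefixes kept as written)."""
    names = []
    parser = expat.ParserCreate()

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdRejected(f"DOCTYPE {name!r} not allowed in a SAML message")

    def reject_entity(name, is_parameter, value, base, system_id, public_id, notation):
        raise DtdRejected(f"entity declaration {name!r} not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity   # belt and braces: cannot occur outside a DOCTYPE
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names

def is_dtd_free(data: bytes) -> bool:
    """True when data parses without any DTD; False on a DTD or on
    malformed XML (both are rejected before authentication proceeds)."""
    try:
        parse_without_dtd(data)
        return True
    except (DtdRejected, expat.ExpatError):
        return False

if __name__ == "__main__":
    print("benign:", is_dtd_free(BENIGN_SAML), parse_without_dtd(BENIGN_SAML))
    print("entity sample:", is_dtd_free(ENTITY_SAMPLE))
```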


CVE-2023-32708: HTTP Response Splitting via the ‘rest’ SPL Command
A low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily, including viewing restricted content.

CVSS 3.1: 7.2

CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products:

  • Splunk Enterprise <9.0.5, <8.2.11 and <8.1.14
  • Splunk Cloud Platform <9.0.2303.100


Recommended Actions

  • Splunk Platform:
    • Splunk Enterprise: upgrade to version 9.0.5, 8.2.11, 8.1.14 or higher.
    • Splunk Cloud Platform: automatically updated and monitored by Splunk
  • Splunk App for Lookup File Editing:
    • Upgrade to version 4.0.1 or higher.
  • Splunk App for Stream:
    • Upgrade to version 8.1.1 or higher.

References

https://advisory.splunk.com/advisories/SVD-2023-0601
https://advisory.splunk.com/advisories/SVD-2023-0602
https://advisory.splunk.com/advisories/SVD-2023-0603
https://advisory.splunk.com/advisories/SVD-2023-0604
https://advisory.splunk.com/advisories/SVD-2023-0605
https://advisory.splunk.com/advisories/SVD-2023-0606
https://advisory.splunk.com/advisories/SVD-2023-0607
https://advisory.splunk.com/advisories/SVD-2023-0608
https://advisory.splunk.com/advisories/SVD-2023-0609
https://advisory.splunk.com/advisories/SVD-2023-0610
https://advisory.splunk.com/advisories/SVD-2023-0611
https://advisory.splunk.com/advisories/SVD-2023-0612