Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments
Advisory ID: SVD-2024-0101
CVE ID: CVE-2024-22164
Published: 2024-01-09
Last Update: 2024-01-10
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400
Bug ID: SOLNESS-35980
Description
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the investigation. The attachment endpoint does not properly limit the size of the request, which lets an attacker cause the investigation to become inaccessible.
The vulnerability requires the authenticated, collaborator access to the Investigation and only affects the availability of an affected Investigation.
Solution
Upgrade Splunk Enterprise Security (ES) to versions 7.1.2, 7.2.0, 7.3.0 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise Security (ES) | 7.3 | - | - | 7.3.0 |
| Splunk Enterprise Security (ES) | 7.2 | - | - | 7.2.0 |
| Splunk Enterprise Security (ES) | 7.1 | - | Below 7.1.2 | 7.1.2 |
Mitigations and Workarounds
N/A
Detections
Severity
Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.
Acknowledgments
Vikram Ashtaputre, Splunk