Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments
Advisory ID: SVD-2024-0101
CVE ID: CVE-2024-22164
Published: 2024-01-09
Last Update: 2024-01-10
CVSSv3.1 Score: 4.3, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400
Bug ID: SOLNESS-35980
DescriptionPermalink
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the investigation. The attachment endpoint does not properly limit the size of the request, which lets an attacker cause the investigation to become inaccessible.
The vulnerability requires the authenticated, collaborator access to the Investigation and only affects the availability of an affected Investigation.
SolutionPermalink
Upgrade Splunk Enterprise Security (ES) to versions 7.1.2, 7.2.0, 7.3.0 or higher.
Product StatusPermalink
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Enterprise Security (ES) | 7.3 | - | - | 7.3.0 |
| Splunk Enterprise Security (ES) | 7.2 | - | - | 7.2.0 |
| Splunk Enterprise Security (ES) | 7.1 | - | Below 7.1.2 | 7.1.2 |
Mitigations and WorkaroundsPermalink
N/A
DetectionsPermalink
SeverityPermalink
Splunk rates this vulnerability a 4.3, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L.
AcknowledgmentsPermalink
Vikram Ashtaputre, Splunk