Third-Party Package Updates in Splunk Enterprise - October 2024
Advisory ID: SVD-2024-1012
CVE ID: Multiple
Published: 2024-10-14
Last Update: 2024-10-14
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Enterprise versions 9.3.1, 9.2.3, 9.1.6, and higher, including the following (bracketed numbers refer to the notes below the table):
Package | Remediation | CVE | Severity |
---|---|---|---|
urllib3 | Upgraded to 1.26.19 | CVE-2023-45803 | Medium |
urllib3 | Upgraded to 1.26.19 | CVE-2023-43804 | Medium |
urllib3 | Upgraded to 1.26.19 | CVE-2024-37891 | Medium |
requests [1] | Upgraded to 1.32.3 | CVE-2024-35195 | Medium |
requests [2] | Applied patch to 2.31.0 | CVE-2024-35195 | Medium |
py [3] | Removed | CVE-2022-42969 | Medium |
OpenLDAP [4] | Upgraded to 2.4.59 | Multiple | Multiple |
OpenLDAP | Applied patch to 2.4.59 | CVE-2022-29155 | Informational |
OpenLDAP | Applied patch to 2.4.59 | CVE-2023-2953 | High |
OpenLDAP | Applied patch to 2.4.59 | CVE-2015-3276 | High |
go-jose.v2 [5] | Upgraded to 2.6.3 | CVE-2024-28180 | Medium |
golang.org/x/net [6] | Upgraded to 0.23.0 | Multiple | Multiple |
google.golang.org/protobuf [7] | Upgraded to 1.34.1 | CVE-2024-24786 | Informational |
google.golang.org/grpc [8] | Upgraded to 1.62.1 | CVE-2023-44487 | High |
golang.org/x/crypto [9] | Upgraded to 0.23.0 | CVE-2023-48795 | Medium |
golang.org/x/crypto [10] | Upgraded to 0.21.0 | CVE-2023-48795 | Medium |
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc [11] | Upgraded to 0.49.0 | CVE-2023-47108 | High |
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp [12] | Upgraded to 0.49.0 | CVE-2023-45142 | High |
github.com/docker/docker [13] | Upgraded to 26.0.0 | CVE-2024-24557 | Medium |
golang [14] | Upgraded golang in assistsup to 1.22.4 | Multiple | Multiple |
golang [15] | Upgraded golang in compsup to 1.22.4 | Multiple | Multiple |
golang [16] | Upgraded golang in mongodump and mongorestore to 1.22.4 | Multiple | Multiple |
golang [17] | Removed spl2-orchestrator binary | Multiple | Multiple |
[1] Upgraded requests in $SPLUNK_HOME/lib/python3.9/site-packages/ in 9.3.1.
[2] Applied the patch for CVE-2024-35195 to requests 2.31.0 in $SPLUNK_HOME/lib/python3.7/site-packages/.
[3] Splunk removed pypi:py from the splunk-rolling-upgrade app in 9.3.0, 9.2.3, and 9.1.6.
[4] Upgraded OpenLDAP in splunkd to remedy CVE-2020-12243, CVE-2020-15719, CVE-2020-25692, CVE-2020-36222, CVE-2020-36223, CVE-2020-36221, CVE-2020-36224, CVE-2020-36225, CVE-2020-36229, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36230, CVE-2021-27212, CVE-2017-14159, CVE-2017-17740, CVE-2019-13057, and CVE-2019-13565.
[5] Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup, and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe.
[6] Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup, and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe to remedy CVE-2023-45288, CVE-2023-44487, and CVE-2023-39325.
[7] Upgraded in $SPLUNK_HOME/bin/compsup, $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup, and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe.
[8] Upgraded in $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe.
[9] Upgraded in $SPLUNK_HOME/bin/mongodump and $SPLUNK_HOME/bin/mongorestore.
[10] Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.
[11] Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.
[12] Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.
[13] Upgraded in $SPLUNK_HOME/bin/compsup. The compsup binary is not present in 9.1 versions.
[14] Upgraded $SPLUNK_HOME/etc/apps/splunk_assist/bin/linux_x86_64/assistsup and $SPLUNK_HOME/etc/apps/splunk_assist/bin/windows_x86_64/assistsup.exe from 1.22.1 to 1.22.4 to remedy CVE-2024-24790 and CVE-2023-45288.
[15] Upgraded $SPLUNK_HOME/bin/compsup from 1.22.1 to 1.22.4 to remedy CVE-2024-24790 and CVE-2023-45288.
[16] Upgraded $SPLUNK_HOME/bin/mongodump and $SPLUNK_HOME/bin/mongorestore from 1.20.10 to 1.22.4 to remedy CVE-2023-45288, CVE-2023-39318, CVE-2023-45285, CVE-2023-45284, CVE-2023-45283, CVE-2023-39326, CVE-2023-39319, and CVE-2024-24790.
[17] Splunk Enterprise 9.2.3 removed the $SPLUNK_HOME/bin/spl2-orchestrator binary to remedy CVE-2023-26125, CVE-2023-29401, CVE-2023-39325, CVE-2023-3978, CVE-2023-44487, CVE-2023-45288, CVE-2023-48795, CVE-2023-50658, CVE-2024-24786, CVE-2024-28180, CVE-2024-24790, CVE-2023-45285, CVE-2023-45284, CVE-2023-45283, CVE-2023-39326, CVE-2023-39323, CVE-2023-39322, CVE-2023-39321, CVE-2023-39320, CVE-2023-39319, and CVE-2023-39318. The spl2-orchestrator binary was present in versions 9.2.0 through 9.2.2.
Solution
Upgrade Splunk Enterprise to versions 9.3.1, 9.2.3, 9.1.6, or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 9.3 | | 9.3.0 | 9.3.1 |
Splunk Enterprise | 9.2 | | 9.2.0 to 9.2.2 | 9.2.3 |
Splunk Enterprise | 9.1 | | 9.1.0 to 9.1.5 | 9.1.6 |
Severity
For the CVEs in this list, Splunk adopted one of the following ratings:
- Where applicable, the severity rating that the vendor published, or
- The National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating, otherwise.