GSD-2024-22164

Vulnerability from gsd - Updated: 2024-01-06 06:02
Details
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
Aliases
To clipboard 

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-22164"
      ],
      "details": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.",
      "id": "GSD-2024-22164",
      "modified": "2024-01-06T06:02:13.742380Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "prodsec@splunk.com",
        "ID": "CVE-2024-22164",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Splunk Enterprise Security (ES)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.3",
                          "version_value": "7.3.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.2",
                          "version_value": "7.2.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "7.1",
                          "version_value": "7.1.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Splunk"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Vikram Ashtaputre, Splunk"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-400",
                "lang": "eng",
                "value": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://advisory.splunk.com/advisories/SVD-2024-0101",
            "refsource": "MISC",
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
          },
          {
            "name": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/",
            "refsource": "MISC",
            "url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/"
          }
        ]
      },
      "source": {
        "advisory": "SVD-2024-0101"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:splunk:enterprise_security:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2D79C40D-51D3-4A7E-A3FC-F8638D1E6AFA",
                    "versionEndExcluding": "7.1.2",
                    "versionStartIncluding": "7.1.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible."
          },
          {
            "lang": "es",
            "value": "En las versiones de Splunk Enterprise Security (ES) inferiores a 7.1.2, un atacante puede utilizar archivos adjuntos de investigaci\u00f3n para realizar una denegaci\u00f3n de servicio (DoS) a la investigaci\u00f3n. El endpoint del archivo adjunto no limita adecuadamente el tama\u00f1o de la solicitud, lo que permite que un atacante haga que la investigaci\u00f3n se vuelva inaccesible."
          }
        ],
        "id": "CVE-2024-22164",
        "lastModified": "2024-01-16T17:40:17.057",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 1.4,
              "source": "prodsec@splunk.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-09T17:15:12.323",
        "references": [
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2024-0101"
          },
          {
            "source": "prodsec@splunk.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/"
          }
        ],
        "sourceIdentifier": "prodsec@splunk.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-770"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-400"
              }
            ],
            "source": "prodsec@splunk.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.