We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | Splunk |
Reserved | 2024-01-05 |
Published | 2024-01-09 |
Updated | 2024-10-30 |
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Vikram Ashtaputre, Splunk
https://advisory.splunk.com/advisories/SVD-2024-0101
https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/