Splunk Enterprise and Splunk Secure Gateway App Improper Input Validation Vulnerability Leading to Client-Side Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10. Additionally, versions prior to 3.9.10, 3.8.58, and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform are affected. The vulnerability arises from improper input validation of the 'label' column field: a low-privileged user without the 'admin' or 'power' role can craft a malicious payload after adding a new device in the Splunk Secure Gateway app. Successful exploitation leads to a client-side denial-of-service condition.
Impact
Exploitation of this vulnerability can cause a client-side denial-of-service, disrupting the user's ability to interact with the Splunk application or service.
Remediation
Users can upgrade Splunk Enterprise to version 10.0.2, 9.4.6, 9.3.8, 9.2.10, or higher. For Splunk Cloud Platform, instances are actively monitored and patched. If the Splunk Secure Gateway app is not needed, it can be disabled.
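A small version check against the fixed versions listed in this advisory, added here as an example (not Splunk's own tooling): it compares an installed version numerically against the fix on the same maintenance branch, so "9.2.10" is not mistaken for being older than "9.2.9". The branch-matching rule and the product keys are assumptions; lines the advisory does not list are reported as unknown rather than guessed.

```python
"""Check whether an installed Splunk Enterprise or Splunk Secure Gateway app
version falls inside the affected ranges stated in the advisory.

Added example, not Splunk's code. Fixed versions come from the advisory;
the rule "compare against the fix on the same major.minor branch, report
unlisted branches as unknown" is an assumption made here.
"""
from typing import Optional

# Fixed versions per product; each entry is the first fixed release on its
# major.minor branch. Product keys are hypothetical labels for this example.
FIXED_VERSIONS = {
    "splunk_enterprise": ["10.0.2", "9.4.6", "9.3.8", "9.2.10"],
    "splunk_secure_gateway": ["3.9.10", "3.8.58", "3.7.28"],
}


def parse_version(text: str) -> tuple:
    """Turn '9.4.6' into (9, 4, 6) so comparison is numeric.

    A plain string comparison would rank '9.2.10' below '9.2.9' and miss
    that 9.2.9 is still affected; tuples of ints avoid that.
    """
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(product: str, version: str) -> Optional[bool]:
    """Return True if the version is affected, False if it is at or past the
    fix on its branch, or None if the advisory lists no fix for that branch."""
    installed = parse_version(version)
    for fixed_text in FIXED_VERSIONS[product]:
        fixed = parse_version(fixed_text)
        if installed[:2] == fixed[:2]:  # same major.minor maintenance line
            return installed < fixed
    return None  # branch not covered by the advisory; do not guess


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for product, version in [("splunk_enterprise", "9.2.9"),
                             ("splunk_enterprise", "10.0.2"),
                             ("splunk_secure_gateway", "3.8.57")]:
        print(product, version, is_affected(product, version))
```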
