github - ghsa-qpqv-mwrg-mw8j

ghsa-qpqv-mwrg-mw8j

Vulnerability from github

Published

2023-08-30 18:30

Modified

2023-11-03 03:30

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-40593"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-30T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.",
  "id": "GHSA-qpqv-mwrg-mw8j",
  "modified": "2023-11-03T03:30:23Z",
  "published": "2023-08-30T18:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40593"
    },
    {
      "type": "WEB",
      "url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
    },
    {
      "type": "WEB",
      "url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-40593 (GCVE-0-2023-40593)

Vulnerability from cvelistv5

Published

2023-08-30 16:19

Modified

2025-02-28 11:03

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-400 - The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Summary

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.

References

URL

Tags

	https://advisory.splunk.com/advisories/SVD-2023-0802
	https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/

Impacted products

Vendor

Product

Version

Splunk Enterprise

Version: 8.2 < 8.2.12
Version: 9.0 < 9.0.6

Version: - < 9.0.2205

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:50.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "8.2.12",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.6",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Cloud",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.0.2205",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Aaron Devaney (Dodekeract)"
        }
      ],
      "datePublic": "2023-08-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon."
            }
          ],
          "value": "In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-28T11:03:56.605Z",
        "orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
        "shortName": "Splunk"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2023-0802"
        },
        {
          "url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/"
        }
      ],
      "source": {
        "advisory": "SVD-2023-0802"
      },
      "title": "Denial of Service (DoS) in Splunk Enterprise Using a Malformed SAML Request"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
    "assignerShortName": "Splunk",
    "cveId": "CVE-2023-40593",
    "datePublished": "2023-08-30T16:19:41.308Z",
    "dateReserved": "2023-08-16T22:07:52.838Z",
    "dateUpdated": "2025-02-28T11:03:56.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.