Description
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- Splunk / Splunk Cloud Platform10.1.2507 – 10.1.2507.6
- Splunk / Splunk Cloud Platform10.0.2503 – 10.0.2503.8
- Splunk / Splunk Cloud Platform9.3.2411 – 9.3.2411.120
- Splunk / Splunk Enterprise9.2 – 9.2.10
- Splunk / Splunk Enterprise10.0 – 10.0.2
- Splunk / Splunk Enterprise9.4 – 9.4.6
- Splunk / Splunk Enterprise9.3 – 9.3.8
- Splunk / Splunk Secure Gateway3.9 – 3.9.10
- Splunk / Splunk Secure Gateway3.8 – 3.8.58
- Splunk / Splunk Secure Gateway3.7 – 3.7.28
References
- VENDOR_ADVISORYhttps://advisory.splunk.com/advisories/SVD-2025-1208