Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
CVE-2023-22943

4.8MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Add-on Builder; Splunk Cloudconnect Sdk
Vendor: CVE Published:; 14 February 2023

Summary

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.

Affected Version(s)

Splunk Add-on Builder 4.1 < 4.1.2

Splunk CloudConnect SDK 3.1 < 3.1.3

References

https://advisory.splunk.com/advisories/SVD-2023-0213

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2023
Vulnerability Reserved
Jan 10, 2023

Credit

Chris Green