Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
CVE-2023-46230

8.2HIGH

Key Information:

Vendor: Splunk
Status: Splunk Add-on Builder
Vendor: CVE Published:; 30 January 2024

What is CVE-2023-46230?

In versions of Splunk Add-on Builder prior to 4.1.4, the application exhibits a vulnerability where it inadvertently writes sensitive information to internal log files. This can lead to unauthorized access to sensitive data, increasing the risk of data exposure and potential misuse. Organizations using affected versions are advised to upgrade to the latest version to mitigate this security risk and protect their data integrity.

Affected Version(s)

Splunk Add-on Builder - < 4.1.4

References

https://advisory.splunk.com/advisories/SVD-2024-0111

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2024
Vulnerability Reserved
Oct 19, 2023

Credit

Vikram Ashtaputre, Splunk