Session Token Disclosure to Internal Log Files in Splunk Add-on Builder
CVE-2023-46231
8.8HIGH
What is CVE-2023-46231?
An identified vulnerability in Splunk Add-on Builder allows the application to log user session tokens in its internal files when users access the application or modify custom apps. This exposure can potentially lead to unauthorized access, as sensitive session information is stored insecurely in log files. Organizations that utilize affected versions prior to 4.1.4 should assess their security protocols and apply the necessary updates to mitigate the risk associated with this vulnerability.
Affected Version(s)
Splunk Add-on Builder - < 4.1.4