First published: Tue Feb 14 2023
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.
Credit: prodsec@splunk.com
Affected Software | Affected Version |
---|---|
Splunk Add-on Builder | >=4.1.0, <4.1.2 |
Splunk CloudConnect Software Development Kit | >=3.1.0, <3.1.3 |
CVE-2023-22943 is a vulnerability in Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3 that allows HTTP connections to be used after a failure to connect over HTTPS.
The severity of CVE-2023-22943 is medium with a CVSS score of 5.3.
CVE-2023-22943 affects Splunk Add-on Builder (AoB) versions below 4.1.2 by causing requests to third-party APIs through the REST API Modular Input to revert to using HTTP after a failure to connect over HTTPS.
CVE-2023-22943 affects the Splunk CloudConnect SDK versions below 3.1.3 by causing requests to third-party APIs through the REST API Modular Input to revert to using HTTP after a failure to connect over HTTPS.
To fix CVE-2023-22943, upgrade Splunk Add-on Builder to version 4.1.2 or above, or upgrade the Splunk CloudConnect SDK to version 3.1.3 or above.
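The fallback behaviour described above, sketched as an added example (not code from Splunk Add-on Builder or the CloudConnect SDK): a fetch that retries over HTTP after an HTTPS failure, beside a fail-closed version. The function names, the transport stand-in, the URL and the token are all constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


class TransportError(Exception):
    """Raised by the transport when a connection cannot be established."""


def fetch_with_downgrade(url, headers, send):
    """Flawed pattern: retry the same request over http:// when https:// fails."""
    try:
        return send(url, headers)
    except TransportError:
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise
        # The retry carries the same headers, credentials included, in cleartext.
        return send(urlunsplit(parts._replace(scheme="http")), headers)


def fetch_strict(url, headers, send):
    """Fail closed: refuse non-HTTPS URLs and let an HTTPS failure propagate."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: " + url)
    return send(url, headers)


class BlockedTlsTransport:
    """Constructed stand-in for a network on which TLS connections fail."""

    def __init__(self):
        self.sent = []  # every (url, headers) pair handed to the wire

    def __call__(self, url, headers):
        self.sent.append((url, dict(headers)))
        if urlsplit(url).scheme == "https":
            raise TransportError("TLS connection failed")
        return "200 OK"


def cleartext_requests(transport):
    """Return the URLs that were sent without TLS."""
    return [u for u, _ in transport.sent if urlsplit(u).scheme == "http"]


if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer EXAMPLE-TOKEN"}  # constructed value
    t = BlockedTlsTransport()
    fetch_with_downgrade("https://api.example.com/v1/events", hdrs, t)
    print("sent without TLS:", cleartext_requests(t))
```

With the flawed function, the request appears to succeed, so nothing in the caller signals that the credentials left the host unencrypted; the strict version surfaces the TLS failure as an error instead.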