CVE-2023-22943

Опубликовано: 14 фев. 2023

Источник: nvd

CVSS3: 4.8

CVSS3: 5.3

EPSS Низкий

Описание

Ссылки

https://advisory.splunk.com/advisories/SVD-2023-0213
Mitigation
Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2023-0213
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:splunk:add-on_builder:*:*:*:*:*:*:*:*

Версия от 4.1.0 (включая) до 4.1.2 (исключая)

cpe:2.3:a:splunk:cloudconnect_software_development_kit:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.3 (исключая)

EPSS

Процентиль: 53%

0.00297

Низкий

4.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-636

CWE-295

Связанные уязвимости

GHSA-jjqg-fqrm-g2vj

CVSS3: 5.3

github

почти 3 года назад

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly.

EPSS

Процентиль: 53%

0.00297

Низкий

4.8 Medium

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-636

CWE-295