Vulnerabilities > Splunk > ADD ON Builder
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-30 | CVE-2023-46230 | Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2 In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. | 4.9 |
2024-01-30 | CVE-2023-46231 | Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2 In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on. | 7.2 |
2023-02-14 | CVE-2023-22943 | Improper Certificate Validation vulnerability in Splunk products In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | 5.3 |