Vulnerabilities > Splunk > ADD ON Builder > 4.1.1

DATE CVE VULNERABILITY TITLE RISK
2024-01-30 CVE-2023-46230 Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
network
low complexity
splunk CWE-532
4.9
4.9
2024-01-30 CVE-2023-46231 Information Exposure Through Log Files vulnerability in Splunk Add-On Builder 4.1.0/4.1.1/4.1.2
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.
network
low complexity
splunk CWE-532
7.2
7.2
2023-02-14 CVE-2023-22943 Improper Certificate Validation vulnerability in Splunk products
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.
network
low complexity
splunk CWE-295
5.3
5.3