Lucene search

[email protected]CVE-2023-46230

HistoryJan 30, 2024 - 5:15 p.m.

CVE-2023-46230

2024-01-3017:15:09

CWE-532

[email protected]

web.nvd.nist.gov

splunk

add-on builder

cve-2023-46230

security vulnerability

log files

nvd

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.

Affected configurations

NVD

Node

splunkadd-on_builderRange<4.1.4

CPENameOperatorVersion
splunk:add-on_buildersplunk add-on builderlt4.1.4

CPE	Name	Operator	Version
splunk:add-on_builder	splunk add-on builder	lt	4.1.4

CNA Affected

[
  {
    "product": "Splunk Add-on Builder",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "-",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "4.1.4"
      }
    ]
  }
]

References

advisory.splunk.com/advisories/SVD-2024-0111

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

JSON

Related for CVE-2023-46230

prion1 nvd1 cvelist1