Lucene search

SplunkCVELIST:CVE-2023-46231

HistoryJan 30, 2024 - 5:00 p.m.

CVE-2023-46231 Session Token Disclosure to Internal Log Files in Splunk Add-on Builder

2024-01-3017:00:46

Splunk

www.cve.org

cve-2023-46231

splunk add-on builder

session token

disclosure

log files

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.

CNA Affected

[
  {
    "product": "Splunk Add-on Builder",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "-",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "4.1.4"
      }
    ]
  }
]

References

advisory.splunk.com/advisories/SVD-2024-0110

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.3%

JSON

Related for CVELIST:CVE-2023-46231