Splunk: >> Add-On Builder Security Vulnerabilities
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-01-30
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
CVSS Score
8.2
EPSS Score
0.0
Published
2024-01-30
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-02-14