Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Splunk Subscribe
Filtered by product Cloudconnect Software Development Kit
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22943 1 Splunk 2 Add-on Builder, Cloudconnect Software Development Kit 2023-02-23 N/A 5.3 MEDIUM
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly.