CVE-2023-46231 - Vulnerability Details - OpenCVE

In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Splunk	Add-on Builder

Configuration 1 [-]

cpe:2.3:a:splunk:add-on_builder:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2024-0110

History

Tue, 12 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2024-01-30T17:00:46.832Z

Updated: 2025-02-28T11:03:46.800Z

Reserved: 2023-10-19T16:01:29.823Z

Link: CVE-2023-46231

Vulnrichment

Updated: 2024-08-02T20:37:40.153Z

NVD

Status : Modified

Published: 2024-01-30T17:15:10.117

Modified: 2024-11-21T08:28:07.600

Link: CVE-2023-46231

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46231", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "state": "PUBLISHED", "assignerShortName": "Splunk", "dateReserved": "2023-10-19T16:01:29.823Z", "datePublished": "2024-01-30T17:00:46.832Z", "dateUpdated": "2025-02-28T11:03:46.800Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Add-on Builder", "vendor": "Splunk", "versions": [{"version": "-", "status": "affected", "versionType": "custom", "lessThan": "4.1.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on."}], "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0110"}], "title": "Session Token Disclosure to Internal Log Files in Splunk Add-on Builder", "datePublic": "2024-01-30T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.", "cweId": "CWE-532"}]}], "source": {"advisory": "SVD-2024-0110"}, "credits": [{"lang": "en", "value": "Vikram Ashtaputre, Splunk"}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:46.800Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.153Z"}, "title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0110", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-12T20:38:47.921274Z", "id": "CVE-2023-46231", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:39:05.063Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0110", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.153Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46231", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-12T20:38:47.921274Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-12T20:39:00.453Z"}}], "cna": {"title": "Session Token Disclosure to Internal Log Files in Splunk Add-on Builder", "source": {"advisory": "SVD-2024-0110"}, "credits": [{"lang": "en", "value": "Vikram Ashtaputre, Splunk"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Splunk", "product": "Splunk Add-on Builder", "versions": [{"status": "affected", "version": "-", "lessThan": "4.1.4", "versionType": "custom"}]}], "datePublic": "2024-01-30T00:00:00.000Z", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2024-0110"}], "descriptions": [{"lang": "en", "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.", "supportingMedia": [{"type": "text/html", "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-532", "description": "Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information."}]}], "providerMetadata": {"orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk", "dateUpdated": "2025-02-28T11:03:46.800Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46231", "state": "PUBLISHED", "dateUpdated": "2025-02-28T11:03:46.800Z", "dateReserved": "2023-10-19T16:01:29.823Z", "assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "datePublished": "2024-01-30T17:00:46.832Z", "assignerShortName": "Splunk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:add-on_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB4FEB0-90F8-406B-98E8-79A5AB5028C6", "versionEndExcluding": "4.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on."}, {"lang": "es", "value": "En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicaci\u00f3n escribe tokens de sesi\u00f3n de usuario en sus archivos de registro internos cuando visita Splunk Add-on Builder o cuando crea o edita una aplicaci\u00f3n o complemento personalizado."}], "id": "CVE-2023-46231", "lastModified": "2024-11-21T08:28:07.600", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-30T17:15:10.117", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://advisory.splunk.com/advisories/SVD-2024-0110"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}