CVE-2023-22943

Name of the Vulnerable Software and Affected Versions Splunk Add-on Builder versions prior to 4.1.2 Splunk CloudConnect SDK versions prior to 3.1.3

Description The issue occurs when requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS. This affects not only the Splunk Add-on Builder but also apps generated by it when using the REST API Modular Input functionality, as well as potentially third-party apps and add-ons that directly call the cloudconnectlib.splunktacollectorlib.cloud connect mod input Python class.

Recommendations For Splunk Add-on Builder versions prior to 4.1.2, update to version 4.1.2 or later. For Splunk CloudConnect SDK versions prior to 3.1.3, update to version 3.1.3 or later. As a temporary workaround, consider restricting the use of the REST API Modular Input functionality until a patch is applied.