PT-2024-1641 · Splunk · Splunk Add-On Builder

Vikram Ashtaputre · Published 2024-01-30 · Updated 2024-04-10 · CVE-2023-46231

CVSS v2.0: 8.3 High

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Splunk Add-on Builder versions prior to 4.1.4

Description

The application writes user session tokens to its internal log files when a user visits the Splunk Add-on Builder or builds or edits a custom app or add-on. This is due to incorrect handling of log output. Exploitation of this issue may allow a remote attacker to gain unauthorized access to edit applications.

Recommendations

For versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal log files to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2024-01313
CVE-2023-46231

Affected Products

Splunk Add-On Builder