1 results (0.004 seconds)
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22943 – Modular Input REST API Requests Connect via HTTP after Certificate Validation Failure in Splunk Add-on Builder and Splunk CloudConnect SDK
https://notcve.org/view.php?id=CVE-2023-22943
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. • https://advisory.splunk.com/advisories/SVD-2023-0213 • CWE-295: Improper Certificate Validation CWE-636: Not Failing Securely ('Failing Open') •