Cyber Resilience

CVE-2023-22943

Medium

Published: 14 February 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 4.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
EPSS Score: 0.0033 (55.9th percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-22943 is a medium-severity Failing Open (CWE-636) vulnerability in Splunk Add-On Builder. Its CVSS base score is 4.8 (Medium).

Operationally, it is ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

splunk add-on builder: 4.1.0 — 4.1.2
splunk cloudconnect software development kit: 3.1.0 — 3.1.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-636

Ensures audit logging continues on primary failure instead of failing open with no logging capability.

addresses: CWE-636

Supports failing securely by requiring alerts and configurable actions (e.g., shutdown) when the audit mechanism fails instead of continuing without it.

addresses: CWE-636

Entering safe mode when conditions are detected prevents failing open and continuing normal operation in a potentially exploitable state.

addresses: CWE-636

Ensures security functions remain enforced via alternatives instead of defaulting to an insecure state when the primary means fails.

addresses: CWE-295

When certificates are used to establish component provenance, the control requires correct certificate validation procedures.

addresses: CWE-636

Fail-safe-defaults principle prevents systems from failing open.

addresses: CWE-295

Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.

addresses: CWE-636

Directly requires transition to a known (secure) state on failure, preventing fail-open behavior.

References