CVE-2023-22943
Published: 14 February 2023
Summary
CVE-2023-22943 is a medium-severity Failing Open (CWE-636) vulnerability in Splunk Add-On Builder. Its CVSS base score is 4.8 (Medium).
Operationally, ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27045
Vulnerability details
In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS…
more
occurs.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ensures audit logging continues on primary failure instead of failing open with no logging capability.
Supports failing securely by requiring alerts and configurable actions (e.g., shutdown) when the audit mechanism fails instead of continuing without it.
Entering safe mode when conditions are detected prevents failing open and continuing normal operation in a potentially exploitable state.
Ensures security functions remain enforced via alternatives instead of defaulting to an insecure state when the primary means fails.
When certificates are used to establish component provenance, the control requires correct certificate validation procedures.
Fail-safe-defaults principle prevents systems from failing open.
Mandates approved trust anchors and issuance policies, directly preventing acceptance of unvalidated or untrusted certificates.
Directly requires transition to a known (secure) state on failure, preventing fail-open behavior.