Splunk SOAR Cryptography Python Package Upgrade Incompatibility

Advisory ID: SVD-2023-0701

Published: 2023-07-17

Last Update: 2023-07-17

CVE             Package                Remediation         Severity
CVE-2023-23931  cryptography (Python)  Upgraded to 41.0.1  Medium
CVE-2023-0286   cryptography (Python)  Upgraded to 41.0.1  High

Description

In Splunk SOAR version 6.1.1, Splunk will upgrade the bundled Python cryptography library to version 41.0.1 in early September to address the vulnerabilities listed above (CVE-2023-23931 and CVE-2023-0286) in earlier versions of that library.

If you created custom apps whose dependencies pin the Python cryptography library to a version earlier than 40.0.0, those apps might fail with a Python module import error when they run after you upgrade to Splunk SOAR version 6.1.1. An app that hits this import error cannot run and is not functional.

Check if you are Affected

If you created custom apps for Splunk SOAR, check the custom app dependencies to see which version of the Python cryptography library you specified. If you specified version 40.0.0 or later, you are not affected. See the examples in the following table.

Code sample                          Action required?
{"module": "cryptography==39.0.1"}   Yes. Perform the steps described in the Solution section.
{"module": "cryptography"}           No. If you do not specify a version number, you are not affected.
{"module": "cryptography==41.0.1"}   No. If you specify version 40.0.0 or later, you are not affected.

For details on where the cryptography library is specified in your app metadata, see the Specifying pip dependencies section of Configure metadata in a JSON schema to define your app's configuration in the Splunk SOAR documentation.

Solution

Update the cryptography entry in your custom app's pip dependencies by removing the pinned version number. With no version specified, pip installs the most recent version of the library available on PyPI.

Example: {"module": "cryptography"}

Note: Splunk recommends not specifying a version number to avoid possible future compatibility issues.

If you require a specific version of the Python cryptography library package, you can still specify your required version. The version must be at least 40.0.0.
Example: {"module": "cryptography==41.0.1"}
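As an added example for both the check and the solution above (this is not Splunk's code and is not part of the advisory), the following Python script audits an app's JSON metadata and produces a remediated copy. It flags every cryptography requirement that can only resolve to a version earlier than 40.0.0, then either drops the pin, as Splunk recommends, or replaces it with an explicit pin that must be 40.0.0 or later. It assumes the dependencies sit under a pip_dependencies -> pypi list of {"module": ...} objects, as in the samples in this advisory; that key layout, the helper names and the sample app are assumptions, and treating upper bounds such as <40 as affected goes beyond the advisory's "==" examples.

```python
"""Audit Splunk SOAR custom app metadata for cryptography pins below 40.0.0.

Added illustration for this advisory; not Splunk tooling.  Assumption: pip
dependencies are declared under pip_dependencies -> pypi as a list of
{"module": "<pip requirement>"} objects, as in the advisory's samples.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

MINIMUM_OK = (40, 0, 0)  # per the advisory: 40.0.0 or later is unaffected

# "cryptography==39.0.1" -> name "cryptography", remainder "==39.0.1"
NAME_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(.*)$")
# one version clause: operator plus a dotted numeric version
CLAUSE_RE = re.compile(r"^\s*(==|~=|<=|<|>=|>|!=)\s*([0-9][0-9.]*)\s*$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """'39.0.1' -> (39, 0, 1); shorter forms such as '40' are zero-padded."""
    parts = [int(p) for p in text.strip(".").split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def clause_caps_below_minimum(op: str, version: Tuple[int, int, int]) -> bool:
    """True when this clause rules out every version >= 40.0.0."""
    if op == "==":
        return version < MINIMUM_OK            # exact pin to 39.x or older
    if op == "<":
        return version <= MINIMUM_OK           # e.g. <40.0.0 excludes 40.0.0
    if op in ("<=", "~="):
        return version < MINIMUM_OK            # <=39.0.1, or ~=39.0 (39.x only)
    return False                               # >=, >, != impose no ceiling


def needs_action(module_spec: str) -> bool:
    """Apply the advisory's rule to one pip requirement string.

    An unpinned "cryptography" and pins of 40.0.0 or later return False.
    Upper bounds (<, <=, ~=) that exclude 40.0.0 also return True; that is a
    conservative extension of the advisory's "==" examples.  Anything this
    parser does not understand raises instead of silently passing.
    """
    m = NAME_RE.match(module_spec)
    if not m:
        raise ValueError(f"unrecognised requirement: {module_spec!r}")
    name, rest = m.groups()
    if name.lower().replace("_", "-") != "cryptography":
        return False
    affected = False
    for clause in (c for c in rest.split(",") if c.strip()):
        cm = CLAUSE_RE.match(clause)
        if not cm:
            raise ValueError(f"unsupported version clause: {clause!r}")
        op, ver = cm.groups()
        affected = affected or clause_caps_below_minimum(op, parse_version(ver))
    return affected


def audit_app(app_json: Dict) -> List[str]:
    """Return the requirement strings in the app metadata that need action."""
    deps = app_json.get("pip_dependencies", {}).get("pypi", [])
    return [d["module"] for d in deps if needs_action(d["module"])]


def remediate_app(app_json: Dict, pin: Optional[str] = None) -> Dict:
    """Return a copy with every offending cryptography requirement replaced.

    pin=None drops the version (Splunk's recommendation); pin="41.0.1"
    writes an exact pin, which is refused if it is older than 40.0.0.
    """
    if pin is not None and parse_version(pin) < MINIMUM_OK:
        raise ValueError("replacement pin must be 40.0.0 or later")
    fixed = json.loads(json.dumps(app_json))  # deep copy; leave the input alone
    for dep in fixed.get("pip_dependencies", {}).get("pypi", []):
        if needs_action(dep["module"]):
            dep["module"] = "cryptography" if pin is None else f"cryptography=={pin}"
    return fixed


# Constructed sample metadata for a hypothetical app; not a real Splunk app.
SAMPLE_APP = {
    "name": "Example Connector",
    "pip_dependencies": {
        "pypi": [
            {"module": "requests"},
            {"module": "cryptography==39.0.1"},
        ]
    },
}

if __name__ == "__main__":
    print("needs action:", audit_app(SAMPLE_APP))
    print(json.dumps(remediate_app(SAMPLE_APP), indent=2))
```

Run it against the JSON of each custom app you maintain; a non-empty list from audit_app means that app needs the change described in the Solution section. The parser deliberately raises on requirement syntax it does not understand (extras, environment markers) rather than reporting such an entry as safe.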

For more information on how to create a custom app using the SOAR App Wizard, see Create an app with the App Wizard in the Splunk SOAR documentation.

If you require assistance, contact your Splunk representative or Splunk SOAR Support.