Third-Party Package Updates in Splunk Add-on Builder - January 2024
Advisory ID: SVD-2024-0112
CVE ID: Multiple
Published: 2024-01-30
Last Update: 2024-01-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Add-on Builder version 4.1.4, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
requests | Upgraded to 2.31.0 | CVE-2023-32681 | Medium |
semver | Upgraded to 5.7.2 | CVE-2022-25883 | High |
Solution
For Splunk Add-on Builder, upgrade to version 4.1.4.
Splunk Add-on Builder replicates the requests Python HTTP library to custom apps and add-ons. After you upgrade Splunk Add-on Builder, review the following additional information if you use Add-on Builder to edit custom apps or add-ons:
1. Use Add-on Builder to edit and save the affected app. See the Add-on Builder documentation for more information.
2. Restart Splunk Enterprise.
If the custom app or add-on is also installed on instances without Add-on Builder, you must package the upgraded custom app or add-on, then install it on the instances. See Validate and Package and Package apps for more information.
For affected apps and add-ons that are already on Splunkbase, as a third-party developer, you must publish an updated version of the app or add-on to Splunkbase. For more information, see Publish apps for Splunk Cloud Platform or Splunk Enterprise to Splunkbase. Cloud-vetted apps are subject to the Cloud Vetting Change Policy.
Note: The Splunk Add-on Builder does not replicate the semver (Semantic Version parser) library to custom apps and add-ons.
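Because Add-on Builder copies the requests library into the apps it edits, an administrator will want to confirm after the upgrade that no app still carries a stale copy. The following is an added example, not Splunk's code and not part of the advisory: it walks an apps directory (assumed to follow the $SPLUNK_HOME/etc/apps/<app>/... layout, with the bundled package somewhere below the app folder) and lists every bundled requests package whose __version__.py reports a version below 2.31.0. The sample tree it builds in demo() is constructed for illustration.

```python
import os
import re
import tempfile

# From the advisory: Add-on Builder 4.1.4 ships requests 2.31.0 (CVE-2023-32681 fix).
FIXED_VERSION = (2, 31, 0)
_VERSION_RE = re.compile(r"""__version__\s*=\s*['"]([^'"]+)['"]""")

def parse_version(text):
    """Turn '2.25.1' into (2, 25, 1); stops at the first non-numeric part."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def bundled_requests_version(pkg_dir):
    """Read requests/__version__.py and return its version tuple, or None."""
    try:
        with open(os.path.join(pkg_dir, "__version__.py")) as fh:
            m = _VERSION_RE.search(fh.read())
    except OSError:
        return None
    return parse_version(m.group(1)) if m else None

def find_outdated_requests(apps_root, fixed=FIXED_VERSION):
    """Walk an apps tree; return (app, path, version) for copies below the fix."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(apps_root):
        if os.path.basename(dirpath) == "requests" and "__version__.py" in filenames:
            dirnames[:] = []  # do not descend into the package itself
            ver = bundled_requests_version(dirpath)
            app = os.path.relpath(dirpath, apps_root).split(os.sep)[0]
            if ver is None or ver < fixed:  # unreadable version counts as suspect
                hits.append((app, dirpath, ver))
    return sorted(hits)

def demo():
    """Constructed sample tree (not real apps): one stale copy, one fixed copy."""
    root = tempfile.mkdtemp()
    for app, ver in (("TA_constructed_old", "2.25.1"), ("TA_constructed_new", "2.31.0")):
        pkg = os.path.join(root, app, "bin", "requests")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "__version__.py"), "w") as fh:
            fh.write("__version__ = '%s'\n" % ver)
    return [app for app, _, _ in find_outdated_requests(root)]
```

Run find_outdated_requests() against the real apps directory on each instance, including those without Add-on Builder installed, since the advisory notes those only receive the fix once the repackaged app is installed there.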
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Add-on Builder | - | - | Below 4.1.4 | 4.1.4 |
Severity
For the CVEs in this list, Splunk adopted the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry standards.