Homepage
About Snyk

Man-in-the-Middle (MitM) Affecting splunk-sdk package, versions [,1.6.6)

0.0
high

Snyk CVSS

    Attack Complexity High
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.11% (43rd percentile)
Expand this section
NVD
8.1 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-SPLUNKSDK-174097
  • published 5 Apr 2019
  • disclosed 21 Mar 2019
  • credit dan1
Report a new vulnerability Found a mistake?

Introduced: 21 Mar 2019

CVE-2019-5729 Open this link in a new tab
CWE-295 Open this link in a new tab

How to fix?

Upgrade splunk-sdk to version 1.6.6 or higher.

Overview

splunk-sdk is a Software Development Kit (SDK) for Python that contains library code and examples designed to enable developers to build applications using Splunk.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The package does not properly verify untrusted TLS server certificates due to a logic flaw in the way the verify argument was used when validating an SSL connection.