CVE-2023-22938

Summary

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise8.1 < 8.1.13affected
SplunkSplunk Enterprise8.2 < 8.2.10affected
SplunkSplunk Enterprise9.0 < 9.0.4affected
SplunkSplunk Cloud Platform- < 9.0.2212affected

Weaknesses

  • CWE-285: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References