CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
splunksplunk
8.1.0 ≤
𝑥
< 8.1.13
splunksplunk
8.2.0 ≤
𝑥
< 8.2.10
splunksplunk
9.0.0 ≤
𝑥
< 9.0.4
splunksplunk_cloud_platform
𝑥
< 9.0.2209.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2023-0208
https://advisory.splunk.com/advisories/SVD-2023-0208