CVE-2023-22938Improper Authorization in Cloud Platform

CWE-285Improper Authorization3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 51.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Cloud PlatformSplunk EnterpriseSplunk
Timeline
PublishedFeb 14
Latest updateJul 6

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5splunk/splunk_enterprise8.18.1.13+2
NVDsplunk/splunk8.1.08.1.13+2
CVEListV5splunk/splunk_cloud_platform-9.0.2212

🔴Vulnerability Details

2
GHSA
GHSA-f44g-3vj9-vwv9: In Splunk Enterprise versions below 82023-07-06
CVEList
Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise2023-02-14
CVE-2023-22938 — Improper Authorization in Splunk | cvebase