CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://advisory.splunk.com/advisories/SVD-2023-0208	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk_cloud_platform::::::::

History

No history.

Information

Published : 2023-02-14 18:15

Updated : 2024-04-10 01:15

NVD link : CVE-2023-22938

Mitre link : CVE-2023-22938

CVE.ORG link : CVE-2023-22938

JSON object : View

Products Affected

splunk

splunk
splunk_cloud_platform

CWE

NVD-CWE-noinfo CWE-285

Improper Authorization

{"id": "CVE-2023-22938", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-02-14T18:15:12.617", "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2023-0208", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018sendemail\u2019 REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the \u2018splunk-system-user\u2019 account on the local instance."}], "lastModified": "2024-04-10T01:15:11.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "24C628AD-CF89-4FD5-B58F-38D150D2F535", "versionEndExcluding": "8.1.13", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2A60A4-55C6-4C11-B86D-452CC43D85FF", "versionEndExcluding": "8.2.10", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "39FFDC8F-FC45-41E7-8353-D09AAE26F50F", "versionEndExcluding": "9.0.4", "versionStartIncluding": "9.0.0"}, {"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF379C7-8910-4C30-882A-4CE9F9C9992C", "versionEndExcluding": "9.0.2209.3"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}