CVE-2023-22938 MEDIUM

CVE-2023-22938: Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

Vendor Splunk
Product Splunk Enterprise
Weakness CWE-285
Published February 14, 2023
Last update March 19, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

Key dates

02Disclosure timeline

February 14, 2023 CVE published
March 19, 2025 Record updated

Related vulnerabilities

04Related CVE