Security Advisory

CVE-2023-22938

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-14 17:24:46

Last updated 2025-03-19 18:53:03

Assigner Splunk

State PUBLISHED

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance.

← Browse all CVEs View on cve.org ↗