PT-2023-18781 · Splunk · Splunk Enterprise
James Ervin
·
Publicado
2023-02-14
·
Atualizado
2024-04-10
·
CVE-2023-22938
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise versions prior to 8.1.13
Splunk Enterprise versions prior to 8.2.10
Splunk Enterprise versions prior to 9.0.4
Description
The issue allows any authenticated user to send an email as the Splunk instance through the "sendemail" REST API endpoint. This endpoint is now restricted to the
splunk-system-user account on the local instance.Recommendations
For versions prior to 8.1.13, update to version 8.1.13 or later to restrict the "sendemail" REST API endpoint to the
splunk-system-user account.
For versions prior to 8.2.10, update to version 8.2.10 or later to restrict the "sendemail" REST API endpoint to the splunk-system-user account.
For versions prior to 9.0.4, update to version 9.0.4 or later to restrict the "sendemail" REST API endpoint to the splunk-system-user account.Correção
Improper Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Splunk Enterprise