{"uuid": "ad100f57-9bb1-4c67-8021-054d81cfadb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-22938", "type": "seen", "source": "https://t.me/cibsecurity/58126", "content": "\u203c CVE-2023-22938 \u203c\n\nIn Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u00e2\u20ac\u02dcsendemail\u00e2\u20ac\u2122 REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the \u00e2\u20ac\u02dcsplunk-system-user\u00e2\u20ac\u2122 account on the local instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T20:35:51.000000Z"}