CVE-2024-53245

EUVD-2024-51917
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
SplunkCNA
3.1 LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
splunksplunk
9.1.0 ≤
𝑥
< 9.1.7
splunksplunk
9.2.0 ≤
𝑥
< 9.2.4
splunksplunk_cloud_platform
9.1.2312 ≤
𝑥
< 9.1.2312.206
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2024-1203