CVE-2024-53245

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the admin or power Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.1 LOW
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
SplunkCNA
3.1 LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
splunksplunk
9.1.0 ≤
𝑥
< 9.1.7
splunksplunk
9.2.0 ≤
𝑥
< 9.2.4
splunksplunk_cloud_platform
9.1.2312 ≤
𝑥
< 9.1.2312.206
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://advisory.splunk.com/advisories/SVD-2024-1203