Vulnerabilities > CVE-2024-53245 - Unspecified vulnerability in Splunk and Splunk Cloud Platform

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

splunk

NVD

Published: 2024-12-10

Updated: 2025-03-06

Summary

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.

Vulnerable Configurations

Part	Description	Count
Application	Splunk Splunk Splunk 9.1.0 Splunk Splunk 9.1.0.1 Splunk Splunk 9.1.0.2 Splunk Splunk 9.1.1 Splunk Splunk 9.1.2 Splunk Splunk 9.1.3 Splunk Splunk 9.1.4 Splunk Splunk 9.1.5 Splunk Splunk 9.1.6 Splunk Splunk 9.2.0 Splunk Splunk 9.2.1 Splunk Splunk 9.2.2 Splunk Splunk 9.2.3 Splunk Splunk Cloud Platform 9.1.2312 Splunk Splunk Cloud Platform 9.1.2312.100 Splunk Splunk Cloud Platform 9.1.2312.108 Splunk Splunk Cloud Platform 9.1.2312.109	17

References

https://advisory.splunk.com/advisories/SVD-2024-1203