In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-1203 |
History
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. | |
Title | Information Disclosure due to Username Collision with a Role that has the same Name as the User | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-12-10T18:00:33.254Z
Updated: 2024-12-10T21:14:03.947Z
Reserved: 2024-11-19T18:30:28.773Z
Link: CVE-2024-53245
Vulnrichment
Updated: 2024-12-10T20:40:41.000Z
NVD
Status : Received
Published: 2024-12-10T18:15:41.397
Modified: 2024-12-10T18:15:41.397
Link: CVE-2024-53245
Redhat
No data.