CVE-2024-53245

Published Dec 10, 2024

Last updated 3 months ago

CVSS low 3.1

Overview

Description
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Source
prodsec@splunk.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.1
Impact score
1.4
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

prodsec@splunk.com
CWE-200

Social media

Hype score
Not currently trending

  1. CVE-2024-53245 Splunk Enterprise Low-Privileged User Dashboard Access Vulnerability In Splunk Enterprise versions before 9.3.0, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions before 9.1.2312.206, there's a ... https://t.co/zsxMauOqFn

    @VulmonFeeds

    10 Dec 2024

    52 Impressions

    2 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References