THREATINT
PUBLISHED

CVE-2024-53245

Information Disclosure due to Username Collision with a Role that has the same Name as the User



Description

In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user who does not hold the "admin" or "power" Splunk roles, and whose username is the same as the name of a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.

Reserved 2024-11-19 | Published 2024-12-10 | Updated 2025-02-28 | Assigner Splunk


LOW: 3.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Product status

9.2 before 9.2.4: affected

9.1 before 9.1.7: affected

9.1.2312 before 9.1.2312.206: affected

References

advisory.splunk.com/advisories/SVD-2024-1203

cve.org (CVE-2024-53245)

nvd.nist.gov (CVE-2024-53245)
