CVE-2024-53245

🗓️ 10 Dec 2024 18:00:33Reported by SplunkType

Low-privileged users in Splunk can clone dashboards exposing names and XML due to role name match.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-53245	10 Dec 202418:17	–	circl
CNNVD	Splunk Enterprise和Splunk Cloud Platform 安全漏洞	10 Dec 202400:00	–	cnnvd
Cvelist	CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User	10 Dec 202418:00	–	cvelist
EUVD	EUVD-2024-51917	3 Oct 202520:07	–	euvd
NVD	CVE-2024-53245	10 Dec 202418:15	–	nvd
Positive Technologies	PT-2024-35690 · Splunk · Splunk Cloud Platform +1	10 Dec 202400:00	–	ptsecurity
Tenable Nessus	Splunk Enterprise 9.1.0 < 9.1.7, 9.2.0 < 9.2.4 (SVD-2024-1203)	10 Dec 202400:00	–	nessus
Vulnrichment	CVE-2024-53245 Information Disclosure due to Username Collision with a Role that has the same Name as the User	10 Dec 202418:00	–	vulnrichment

NVD

Node

splunk splunkRange9.1.0–9.1.7enterprise

splunk splunkRange9.2.0–9.2.4enterprise

splunk splunk_cloud_platformRange9.1.2312–9.1.2312.206

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.4"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.7"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.1.2312",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2312.206"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2024-1203

06 Mar 2025 20:11Current

3.9Low risk

Vulners AI Score3.9

CVSS 3.13.1 - 4.3

EPSS0.00422

SSVC

CWE-200