In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Advisories
Source ID Title
EUVD EUVD EUVD-2024-51917 In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00052}

epss

{'score': 0.00059}


Thu, 06 Mar 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Splunk
Splunk splunk
Splunk splunk Cloud Platform
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*
Vendors & Products Splunk
Splunk splunk
Splunk splunk Cloud Platform

Tue, 10 Dec 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Description In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
Title Information Disclosure due to Username Collision with a Role that has the same Name as the User
Weaknesses CWE-200
References
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Splunk

Published:

Updated: 2025-02-28T11:03:55.614Z

Reserved: 2024-11-19T18:30:28.773Z

Link: CVE-2024-53245

cve-icon Vulnrichment

Updated: 2024-12-10T20:40:41.000Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-10T18:15:41.397

Modified: 2025-03-06T19:54:57.093

Link: CVE-2024-53245

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.