CVE-2024-53245
CVSS 3.1 Score 3.1 of 10 (low)
Details
Published Dec 10, 2024
CWE ID 200
Summary
CVE-2024-53245 is a vulnerability affecting Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7, as well as Splunk Cloud Platform versions below 9.1.2312.206. A low-privileged user, who doesn't possess the "admin" or "power" roles but shares a username with a role having read access to dashboards, can clone those dashboards, thereby gaining access to their names and XML content. This issue may expose sensitive dashboard information and could potentially be exploited for unauthorized data access.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share