Unrated severityNVD Advisory· Published Dec 10, 2024· Updated Feb 28, 2025
Information Disclosure due to Username Collision with a Role that has the same Name as the User
CVE-2024-53245
Description
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<9.1.2312.206+ 1 more
- (no CPE)range: <9.1.2312.206
- (no CPE)range: 9.1.2312
<9.3.0+ 1 more
- (no CPE)range: <9.3.0
- (no CPE)range: 9.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.