CVE-2024-53245: 
Splunk Enterprise vulnerability analysis and mitigation

CVE-2024-53245 is a vulnerability discovered in Splunk Enterprise and Splunk Cloud Platform that was disclosed on December 10, 2024. The vulnerability affects Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7, and Splunk Cloud Platform versions below 9.1.2312.206. This security issue allows low-privileged users without admin or power roles to access dashboard information they shouldn't have permission to view (Splunk Advisory, NVD).

The vulnerability occurs when a user's username matches a role that has read access to dashboards. In such cases, the user can exploit this condition to view both the dashboard name and the dashboard XML by using the dashboard cloning functionality. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) by NIST and 3.1 (LOW) by Splunk Inc., with a vector string of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. It is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD, Splunk Advisory).

The primary impact of this vulnerability is the potential exposure of sensitive dashboard information. Affected users can view dashboard names and XML configurations that should be restricted, potentially leading to the disclosure of sensitive business information or system configurations (Splunk Advisory).

The primary mitigation is to upgrade Splunk Enterprise to versions 9.3.0, 9.2.4, 9.1.7, or higher. For Splunk Cloud Platform, users should upgrade to version 9.1.2312.206 or higher. As a workaround, organizations can disable Splunk Web, though this may impact functionality. Splunk is actively monitoring and patching affected Splunk Cloud Platform instances (Splunk Advisory).