Splunk Enterprise and Cloud Platform Dashboard Studio Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in Splunk Enterprise versions prior to 9.4.1, 9.3.3, 9.2.5, and 9.1.8, as well as in Splunk Cloud Platform versions prior to 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208, and 9.1.2308.214. In these versions, a low-privileged user without 'admin' or 'power' roles could bypass the external content warning modal in Dashboard Studio. This bypass could lead to unauthorized information disclosure.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure.

Remediation

Users can upgrade to Splunk Enterprise versions 9.1.8, 9.2.5, 9.3.3, or 9.4.1. For Splunk Cloud Platform, no action is needed as Splunk is actively monitoring and patching instances. Additionally, users can turn off Splunk Web as a workaround.
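An added example, not part of the original advisory and not Splunk tooling: a small Python check that classifies inventory versions against the fixed releases listed above. Pairing each fixed release with its release train (every version component except the last) is an assumption of this example, as are the function names and the sample inventory; trains the advisory does not name are reported as not-listed rather than guessed.

```python
# Added example: triage inventory versions against this advisory's fixed releases.
# Fixed releases are copied from the advisory text; pairing each one with its
# release train (all components but the last) is an assumption of this example.
FIXED_ENTERPRISE = ["9.4.1", "9.3.3", "9.2.5", "9.1.8"]
FIXED_CLOUD = ["9.3.2408.107", "9.2.2406.112", "9.2.2403.115",
               "9.1.2312.208", "9.1.2308.214"]


def _parse(version):
    """Turn '9.3.2' into (9, 3, 2); raise ValueError on anything non-numeric."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def _train_map(fixed_list):
    """Map release train -> first fixed patch/build, e.g. (9, 3) -> 3."""
    return {_parse(v)[:-1]: _parse(v)[-1] for v in fixed_list}


def classify(version, product="enterprise"):
    """Return 'affected', 'fixed', or 'not-listed' for one version string."""
    fixed = _train_map(FIXED_CLOUD if product == "cloud" else FIXED_ENTERPRISE)
    parsed = _parse(version)
    train, patch = parsed[:-1], parsed[-1]
    if train not in fixed:
        # The advisory names no fix for this train; do not guess either way.
        return "not-listed"
    # Compare numerically so that 9.1.10 sorts after 9.1.8.
    return "affected" if patch < fixed[train] else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    inventory = [("sh-01", "9.3.2", "enterprise"), ("sh-02", "9.4.1", "enterprise"),
                 ("idx-07", "9.0.9", "enterprise"), ("stack-a", "9.2.2406.111", "cloud")]
    for host, ver, product in inventory:
        print(f"{host:8} {ver:14} {classify(ver, product)}")
```

Hosts reported as not-listed need a manual check against the vendor's support matrix, since the advisory text gives no fixed release for their train.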

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.