CVE-2022-37438 Information

Description

In Splunk Enterprise versions in the following table an authenticated user can craft a dashboard that could potentially leak information (for example username email and real name) about Splunk users when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.

Reference

https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html https://research.splunk.com/application/f844c3f6-fd99-43a2-ba24-93e35fe84be6