This vulnerability affects Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. A low-privileged user lacking admin or power roles can create a malicious classic dashboard that bypasses external content restrictions via CSS injection. The Trusted Domains security check fails to fully validate inline style attribute values, allowing outbound requests to untrusted domains and potential credential exfiltration when a higher-privileged user views the dashboard. The CVSS 3.1 base score is 5.7, indicating medium severity, with network attack vector, low attack complexity, low privileges required, and user interaction needed. No official remediation or patch information is provided in the available data.

The vulnerability enables data exfiltration of sensitive information from higher-privileged users to external servers through crafted dashboards created by low-privileged users. This can lead to unauthorized disclosure of sensitive data. The attack requires a victim with higher privileges to view the malicious dashboard, and the exploit leverages improper validation of inline CSS styles to bypass external content restrictions.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict dashboard creation permissions to trusted users only and monitor for suspicious dashboard content. Avoid viewing dashboards from untrusted or unknown users. Follow vendor advisories closely for updates on patches or official mitigations.