This vulnerability in Splunk Enterprise and Splunk Cloud Platform involves improper validation of style attribute values in classic dashboard panels. A low-privileged user can create a dashboard that causes a higher-privileged user's browser to send requests to external domains outside the Trusted Domains List, potentially exfiltrating sensitive data. Exploitation requires user interaction via phishing. Affected versions include Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and corresponding Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132. The CVSS 3.1 base score is 5.7 (medium severity), reflecting network attack vector, low attack complexity, low privileges required, user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact. No vendor advisory or patch information is provided, and no known exploits in the wild are reported.

An attacker with low privileges can craft a malicious dashboard that causes a higher-privileged user's browser to send data to external domains, leading to potential sensitive data exfiltration. This impacts confidentiality but does not affect integrity or availability. Exploitation requires phishing to induce user interaction, limiting the attacker's ability to exploit the vulnerability at will.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict dashboard creation permissions to trusted users and educate users to be cautious of phishing attempts that could trigger malicious dashboards. Monitor updates from Splunk for patches addressing this vulnerability.