Attackers can siphon information from Splunk Enterprise if an authenticated
Splunk user visits a malicious webpage.
Some useful data gained is the currently logged in username and if remote
user setting is enabled. After, the username
can be use to Phish or Brute Force Splunk Enterprise login. Additional
information stolen may aid in furthering attacks.

http://seclists.org/fulldisclosure/2017/Mar/89