AI description
CVE-2024-36991 is a path traversal vulnerability affecting Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. An attacker could exploit this vulnerability on the `/modules/messaging/` endpoint, potentially allowing them to read sensitive information from arbitrary files on the server's file system. The vulnerability arises from the use of the `os.path.join` function, which, when combined with a crafted GET request, can allow an attacker to perform a directory listing on the Splunk endpoint. This could lead to unauthorized access to sensitive files. A proof of concept (PoC) exploit is publicly available, demonstrating how a remote, unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to a vulnerable Splunk instance with Splunk Web enabled.
- Description
- In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
- Source
- prodsec@splunk.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
GitHub - gunzf0x/CVE-2024-36991: Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. https://t.co/Imiws1zNU0
@akaclandestine
31 Mar 2025
2968 Impressions
25 Retweets
66 Likes
29 Bookmarks
1 Reply
0 Quotes
GitHub - TcchSquad/CVE-2024-36991-Tool: This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests to a vulnerable Splunk instance. It retrieves sensitive files and saves them locally for further analysis. https://t.co/xNzUN0kjhP
@akaclandestine
30 Mar 2025
1438 Impressions
0 Retweets
19 Likes
7 Bookmarks
0 Replies
0 Quotes
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads Splunk Path Traversal Exploit (CVE-2024-36991) https://t.co/8BmLIlFyQk Hunting @zoomeye_team (iconhash="e60c968e8ff3cc2f4fb869588e83afc6") && app="Splunk Enterprise" https://t.co/Op1R
@akaclandestine
30 Mar 2025
765 Impressions
2 Retweets
8 Likes
6 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591",
"versionEndExcluding": "9.0.10",
"versionStartIncluding": "9.0.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE",
"versionEndExcluding": "9.1.5",
"versionStartIncluding": "9.1.0"
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3",
"versionEndExcluding": "9.2.2",
"versionStartIncluding": "9.2.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]