CVE-2024-36991

Published Jul 1, 2024

Last updated 6 months ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-36991 is a path traversal vulnerability affecting Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. An attacker could exploit this vulnerability on the `/modules/messaging/` endpoint, potentially allowing them to read sensitive information from arbitrary files on the server's file system. The vulnerability arises from the use of the `os.path.join` function, which, when combined with a crafted GET request, can allow an attacker to perform a directory listing on the Splunk endpoint. This could lead to unauthorized access to sensitive files. A proof of concept (PoC) exploit is publicly available, demonstrating how a remote, unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to a vulnerable Splunk instance with Splunk Web enabled.

Description
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Source
prodsec@splunk.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-22
prodsec@splunk.com
CWE-35

Social media

Hype score
Not currently trending

Configurations