Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-36991: Path Traversal: '.../...//' in Enterprise

Severity: 7.5 HIGH (NVD)
EPSS: 93.5% (top 0.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jul 1
Latest update: Jul 9

Description

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | splunk/splunk_enterprise | 9.2 | 9.2.2 | +2
NVD | splunk/splunk | 9.0.0 | 9.0.10 | +2

🔴 Vulnerability Details (3)

CVEList: Path Traversal on the "/modules/messaging/" endpoint in Splunk Enterprise on Windows (2024-07-01)
GHSA: GHSA-fg59-j242-rcj9: In Splunk Enterprise on Windows versions below 9 (2024-07-01)
VulnCheck: splunk splunk Path Traversal: '.../...//' (2024)

💥 Exploits & PoCs (1)

Nuclei: Splunk Enterprise - Local File Inclusion

🔍 Detection Rules (1)

Suricata: ET EXPLOIT Splunk Unauthenticated Path Traversal Attempt Inbound (CVE-2024-36991) (2024-07-09)