Description

In Splunk Enterprise for Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint. This vulnerability affects only Splunk Enterprise on Windows.

PUBLISHED Reserved 2024-05-30 | Published 2024-07-01 | Updated 2025-02-28 | Assigner Splunk




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Path Traversal: '.../...//' (CWE-35). The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple-dot slash) sequences that can resolve to a location outside of that directory. The sequence is dangerous against sanitizers that strip '../' in a single non-recursive pass: removing the two inner '../' matches from '.../...//' leaves exactly '../' behind.
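The following is an added illustration of the CWE-35 problem type above, not Splunk code and not a reproduction of this CVE: a naive single-pass sanitizer that turns '.../...//' into '../', a hardened resolver that normalizes the joined path and enforces containment (treating backslashes as separators, since the affected product runs on Windows), and a log-detection heuristic over constructed access-log lines for the /modules/messaging/ endpoint. The base directory, the log lines and the helper names are assumptions for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical base directory the endpoint is meant to serve from (not Splunk's real layout).
BASE_DIR = "/srv/app/modules/messaging"


def naive_sanitize(user_path: str) -> str:
    """The CWE-35 mistake: strip '../' in a single, non-recursive pass.
    '.../...//' survives as '../' because removing the two inner matches
    leaves the outer characters ('.', '.', '/') behind."""
    return user_path.replace("../", "")


def naive_resolve(base: str, user_path: str) -> str:
    """Vulnerable pattern: sanitize, then join and normalize with no containment check."""
    return posixpath.normpath(posixpath.join(base, naive_sanitize(user_path)))


def safe_resolve(base: str, user_path: str):
    """Hardened pattern: never rewrite the input; normalize the joined path and
    require the result to stay inside base. Backslashes are mapped to '/' first
    because on Windows they are path separators too. Returns None on escape."""
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, user_path.replace("\\", "/")))
    if candidate != base_norm and not candidate.startswith(base_norm + "/"):
        return None
    return candidate


REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def is_traversal_request(uri: str) -> bool:
    """Detection heuristic (an assumption here, not the referenced Splunk detection):
    URL-decode twice to catch double encoding, treat backslashes as separators, and
    flag any dot-only path segment of two or more dots ('..', '...') under
    /modules/messaging/."""
    path = unquote(unquote(uri.split("?", 1)[0])).replace("\\", "/")
    if "/modules/messaging/" not in path:
        return False
    return any(len(seg) >= 2 and set(seg) == {"."} for seg in path.split("/"))


def flag_log_lines(lines):
    """Return the request URIs from access-log lines that look like traversal attempts."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal_request(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample log lines for the example (not real Splunk logs, not a real payload).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2024:10:00:00 +0000] "GET /modules/messaging/app.css HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2024:10:00:01 +0000] "GET /modules/messaging/.../...//secret.conf HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jul/2024:10:00:02 +0000] "GET /modules/messaging/%2e%2e/%2e%2e/secret.conf HTTP/1.1" 404 0',
    '10.0.0.5 - - [01/Jul/2024:10:00:03 +0000] "GET /static/app.js HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    print(naive_sanitize(".../...//"))           # '../'
    print(naive_resolve(BASE_DIR, ".../...//"))  # '/srv/app/modules' (escaped the base)
    print(safe_resolve(BASE_DIR, ".../...//"))   # stays inside base: '...' is just a filename
    print(safe_resolve(BASE_DIR, "../../x"))     # None (rejected)
    print(flag_log_lines(SAMPLE_LOG))            # the two traversal-looking URIs
```

The point the example makes is that the '.../...//' string is harmless to a resolver that checks containment after normalization; it is the rewrite-then-trust sanitizer that manufactures the '../'. Detection on the wire should therefore key on decoded dot-only segments rather than on the literal '../' string.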

Product status

9.2 (custom): versions before 9.2.2 are affected

9.1 (custom): versions before 9.1.5 are affected

9.0 (custom): versions before 9.0.10 are affected

Credits

Danylo Dmytriiev (DDV_UA)

References

advisory.splunk.com/advisories/SVD-2024-0711

research.splunk.com/.../e7c2b064-524e-4d65-8002-efce808567aa

cve.org (CVE-2024-36991)

nvd.nist.gov (CVE-2024-36991)