一、 漏洞 CVE-2024-36991 基础信息
漏洞信息
                                        # Splunk Enterprise在Windows上的“/modules/messaging/”端点存在路径穿越漏洞

## 漏洞概述
在Splunk Enterprise Windows版本中,存在一个路径遍历漏洞,攻击者可以通过/modules/messaging/端点进行路径遍历攻击。

## 影响版本
- 低于9.2.2的版本
- 低于9.1.5的版本
- 低于9.0.10的版本

## 漏洞细节
攻击者可以利用此漏洞在Splunk Enterprise Windows版本上进行路径遍历攻击,通过/modules/messaging/端点访问受限文件或目录。

## 影响
此漏洞仅影响Windows上的Splunk Enterprise版本。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
路径遍历:’…/…//’
来源:美国国家漏洞数据库 NVD
漏洞标题
Splunk 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。 Splunk存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-36991 的公开POC
# POC 描述 源链接 神龙链接
1 POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file. https://github.com/bigb0x/CVE-2024-36991 POC详情
2 Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows https://github.com/Mr-xn/CVE-2024-36991 POC详情
3 CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. https://github.com/th3gokul/CVE-2024-36991 POC详情
4 Path traversal vulnerability in Splunk Enterprise on Windows https://github.com/sardine-web/CVE-2024-36991 POC详情
5 Path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10 that allows reading sensitive files. https://github.com/Cappricio-Securities/CVE-2024-36991 POC详情
6 Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads https://github.com/jaytiwari05/CVE-2024-36991 POC详情
7 This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests to a vulnerable Splunk instance. It retrieves sensitive files and saves them locally for further analysis. The script is modular, allowing users to target specific file categories (e.g., credentials, logs, configurations). https://github.com/TcchSquad/CVE-2024-36991-Tool POC详情
8 Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. https://github.com/gunzf0x/CVE-2024-36991 POC详情
9 The modified version of the original script can be described as a Proof of Concept (PoC) Exploit Script for CVE-2024-36991, designed to read sensitive files from a vulnerable Splunk Enterprise instance by leveraging path traversal techniques. https://github.com/xploitnik/CVE-2024-36991-modified POC详情
10 In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36991.yaml POC详情
11 None https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Splunk%20Enterprise%20Windows%20%E5%B9%B3%E5%8F%B0%20messaging%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E%20CVE-2024-36991.md POC详情
三、漏洞 CVE-2024-36991 的情报信息