CVE-2024-36991

Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows

CVSS 7.5 HIGHEPSS 13.1%CWE-35

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Splunk · Splunk Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://advisory.splunk.com/advisories/SVD-2024-0711 https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa