CVE-2024-36991

Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows

Basic Information

CVE State: PUBLISHED
Reserved Date: May 30, 2024
Published Date: July 01, 2024
Last Updated: February 28, 2025
Vendor: Splunk
Product: Splunk Enterprise
Description: In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Tags

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source	Added Date
The Shadowserver (via CIRCL)	2025-05-04 00:00:00 UTC

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36991.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: github • Created: 2025-03-31 04:24:18 UTC • Stars: 3

Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read.

Type: github • Created: 2025-03-30 14:50:21 UTC • Stars: 3

Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads

Type: github • Created: 2024-07-10 09:42:08 UTC • Stars: 2

Path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10 that allows reading sensitive files.

Type: github • Created: 2024-07-06 15:24:24 UTC • Stars: 3

CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10.

Type: github • Created: 2024-07-06 01:00:57 UTC • Stars: 7

Path Traversal On The "/Modules/Messaging/" Endpoint In Splunk Enterprise On Windows

Type: github • Created: 2024-07-06 00:49:40 UTC • Stars: 120

POC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file.