From 473574e90ebda55938c7dea6730e9571c00f49f9 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 10 Jul 2024 14:40:56 +0800 Subject: [PATCH] Create Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md --- ...es_messaging File Reading Vulnerability.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md diff --git a/Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md b/Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md new file mode 100644 index 0000000..23194fd --- /dev/null +++ b/Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md 
@@ -0,0 +1,22 @@ +## Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability(CVE-2024-36991) + +| **Vulnerability** | Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability(CVE-2024-36991)) | +| :----: | :-----| +| **Chinese name** | Splunk Enterprise for Windows /en-US/modules/messaging 文件读取漏洞(CVE-2024-36991) | +| **CVSS core** | 7.5 | +| **FOFA Query** (click to view the results directly)| [ app="splunk-Enterprise"](https://fofa.info/result?qbase64=Ym9keT0iX19zcGx1bmtkX3BhcnRpYWxzX18iICB8fCAoaGVhZGVyPSJTZXQtQ29va2llOiBzcGx1bmt3ZWJfdWlkPSIgJiYgYm9keT0iZW50ZXJwcmlzZSIp)| +| **Number of assets affected** | 218643 | +| **Description** |Splunk Enterprise is a data analysis and search tool used for real-time collection, monitoring, and analysis of big data generated by machines, such as log files, clickstreams, and sensor data. It enables users to correlate and analyze data across multiple sources and formats, providing insights into operational efficiency, security, and customer behavior. | +| **Impact** | In the Windows version of Splunk Enterprise, the Python os.path.join function is used to construct paths. This function, when processing paths, will remove the drive letter from the path marker if the drive letter in the path matches that in the constructed path. This allows attackers to access or modify files on the system by constructing specific requests. + +Affected versions: + + From 9.2.0 to 9.2.1 (excluding 9.2.2) + +From 9.1.0 to 9.1.4 (excluding 9.1.5) + +From 9.0.0 to 9.0.9 (excluding 9.0.10)| + +![](https://s3.bmp.ovh/imgs/2024/07/10/cd9b5cdf1172c646.gif) + +Goby下载(download):[ https://gobysec.net/#dl](https://gobysec.net/#dl)
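Review bot: The **Impact** row puts blank lines and the "Affected versions" list inside a single table cell, so Markdown ends the table at the first blank line and the closing `|` after "(excluding 9.0.10)" is left as stray text. Move the version list into its own section below the table, or join the lines with `<br>` so the cell stays on one row. The same row says attackers can "access or modify files", while the title and the Vulnerability row describe a file reading issue; the two should agree. The sentence about `os.path.join` ("will remove the drive letter from the path marker") is hard to follow and should state plainly how the drive letter in the request changes the joined path. Smaller points: the Vulnerability row ends with a doubled `))`, "CVSS core" should read "CVSS score", and the FOFA link text has a leading space inside the brackets. The entry also gives no remediation; the exclusions already name 9.2.2, 9.1.5 and 9.0.10, so a line stating those as the upgrade targets would make the advisory actionable for defenders.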