Create Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md

Splunk Enterprise for Windows en-US_modules_messaging File Reading Vulnerability.md

@@ -0,0 +1,22 @@
+## 	Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability（CVE-2024-36991）
+
+|   **Vulnerability**  | Splunk Enterprise for Windows /en-US/modules/messaging File Reading Vulnerability（CVE-2024-36991）) |
+| :----:   | :-----|
+|  **Chinese name**  |	Splunk Enterprise for Windows /en-US/modules/messaging 文件读取漏洞（CVE-2024-36991） |
+| **CVSS core**  | 		7.5 |
+| **FOFA Query**  (click to view the results directly)|  [	app="splunk-Enterprise"](https://fofa.info/result?qbase64=Ym9keT0iX19zcGx1bmtkX3BhcnRpYWxzX18iICB8fCAoaGVhZGVyPSJTZXQtQ29va2llOiBzcGx1bmt3ZWJfdWlkPSIgJiYgYm9keT0iZW50ZXJwcmlzZSIp)|
+| **Number of assets affected**  | 218643 |
+| **Description**  |Splunk Enterprise is a data analysis and search tool used for real-time collection, monitoring, and analysis of big data generated by machines, such as log files, clickstreams, and sensor data. It enables users to correlate and analyze data across multiple sources and formats, providing insights into operational efficiency, security, and customer behavior. |
+| **Impact** | In the Windows version of Splunk Enterprise, the Python os.path.join function is used to construct paths. This function, when processing paths, will remove the drive letter from the path marker if the drive letter in the path matches that in the constructed path. This allows attackers to access or modify files on the system by constructing specific requests. 
+
+Affected versions:
+
+ From 9.2.0 to 9.2.1 (excluding 9.2.2) 
+
+From 9.1.0 to 9.1.4 (excluding 9.1.5) 
+
+From 9.0.0 to 9.0.9 (excluding 9.0.10)|
+
+![](https://s3.bmp.ovh/imgs/2024/07/10/cd9b5cdf1172c646.gif)
+
+Goby下载（download):[ https://gobysec.net/#dl](https://gobysec.net/#dl)