### [CVE-2024-36991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36991)
![](https://img.shields.io/static/v1?label=Product&message=Splunk%20Enterprise&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=9.2%3C%209.2.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20software%20uses%20external%20input%20to%20construct%20a%20pathname%20that%20should%20be%20within%20a%20restricted%20directory%2C%20but%20it%20does%20not%20properly%20neutralize%20'...%2F...%2F%2F'%20(doubled%20triple%20dot%20slash)%20sequences%20that%20can%20resolve%20to%20a%20location%20that%20is%20outside%20of%20that%20directory.&color=brighgreen)

### Description

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the `/modules/messaging/` endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/Ostorlab/KEV
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/onewinner/POCS