CVE-2024-36991 PoC — Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows

Source

Associated Vulnerability

Description

Path traversal vulnerability in Splunk Enterprise on Windows

Readme

# CVE-2024-36991 Nuclei Template

## Description

This repository contains a Nuclei template to detect the path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. The vulnerability allows unauthorized access to sensitive files, such as `/etc/passwd`.

## CVE Details

- **CVE ID**: CVE-2024-36991
- **Vulnerability Type**: Path Traversal
- **Affected Software**: Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10
- **Author**: Sardine Web
- **Reference**: 
  - [Twitter Author](https://twitter.com/sardine_web)

## Usage

### Single Scan

To run a single scan using this template, use the following command:


nuclei -u https://target:9090 -t CVE-2024-36991.yaml

# Disclaimer

This template is created for educational purposes only. Unauthorized use of this template on systems you do not own or have explicit permission to test is illegal and unethical. Use this tool responsibly and only on systems where you have permission to perform security testing.

# License

This project is licensed under the MIT License.

Author: Sardine Web

File Snapshot

 [4.0K]  /data/pocs/db303ec9eae75c1ed3f1edf788f6660510deda51
├── [1.0K]  CVE-2024-36991.yaml
└── [1.1K]  README.md

0 directories, 2 files

Remarks