PT-2024-4601 · Splunk · Splunk Enterprise
Danylo Dmytriiev +1 · Published 2024-07-01 · Updated 2025-08-30 · CVE-2024-36991
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.2.2
Splunk Enterprise versions prior to 9.1.5
Splunk Enterprise versions prior to 9.0.10
Description:
Splunk Enterprise on Windows contains a path traversal vulnerability in the "/modules/messaging/" endpoint. The vulnerability should only affect Splunk Enterprise on Windows. An attacker can exploit it to read sensitive files, such as the Splunk passwd file. The estimated number of potentially affected services worldwide is around 257,400.
Recommendations:
For versions prior to 9.2.2, update to version 9.2.2 or later.
For versions prior to 9.1.5, update to version 9.1.5 or later.
For versions prior to 9.0.10, update to version 9.0.10 or later.
As a temporary workaround, consider restricting access to the "/modules/messaging/" endpoint until a patch is available.
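To check whether the endpoint was probed before it was restricted or patched, the following added example (not part of the advisory and not Splunk code) scans web access log lines for traversal sequences under "/modules/messaging/". It assumes a reverse proxy in front of Splunk Web writing Common Log Format; the sample log lines, IP addresses and file names are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/modules/messaging/"  # endpoint named in the advisory
# Assumption: Common Log Format, e.g. from a reverse proxy in front of Splunk Web.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(target):
    """True if the request path reaches the endpoint and then tries to climb out."""
    path = decode_fully(target.split("?", 1)[0])
    idx = path.lower().find(ENDPOINT)
    if idx == -1:
        return False
    remainder = path[idx + len(ENDPOINT):]
    return ".." in remainder or "\\" in remainder

def scan(lines):
    """Return (client_ip, status, raw_target) for every suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_suspicious(m.group("target")):
            hits.append((m.group("ip"), m.group("status"), m.group("target")))
    return hits

# Constructed sample input, not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2024:10:00:01 +0000] "GET /en-US/modules/messaging/..%2f..%2fexample.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jul/2024:10:00:02 +0000] "GET /en-US/modules/messaging/%252e%252e%255cexample.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jul/2024:10:00:03 +0000] "GET /en-US/app/search/search HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Jul/2024:10:00:04 +0000] "GET /en-US/modules/messaging/status HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

Hits that returned status 200 deserve priority during triage, since they indicate the server returned content for the request.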
Exploit
Fix
Path traversal
Affected Products
Splunk Enterprise