CVE-2024-36990: 
Splunk Enterprise vulnerability analysis and mitigation

A vulnerability (CVE-2024-36990) was discovered in Splunk Enterprise and Splunk Cloud Platform that affects versions below 9.2.2, 9.1.5, 9.0.10, and 9.2.2403.100 respectively. The vulnerability allows an authenticated user with low privileges (without admin or power roles) to potentially cause a denial of service by sending a specially crafted HTTP POST request to the datamodel/web REST endpoint (Splunk Advisory).

The vulnerability is classified as CWE-835 (Loop with Unreachable Exit Condition - 'Infinite Loop'). The denial of service condition occurs when a data model definition contains a cyclic dependency, which can lead to an infinite loop resulting in a stack overflow and subsequent crash of the Splunk daemon. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Splunk Advisory).

When successfully exploited, this vulnerability can cause a denial of service condition in the Splunk environment, potentially leading to the shutdown of the Splunk HTTP engine. The impact is limited to availability, with no direct effect on confidentiality or integrity of the system (Splunk Advisory).

The recommended solution is to upgrade Splunk Enterprise to versions 9.2.2, 9.1.5, and 9.0.10 or higher. For Splunk Cloud Platform, Splunk is performing upgrades on instances as part of Routine Maintenance for customers, as described in the Splunk Cloud Platform Maintenance Policy. No alternative workarounds are available (Splunk Advisory).