Cybersecurity researchers from Tenable have discovered a set of vulnerabilities in Fluent Bit, a widely deployed open-source logging and metrics processor. The collection of flaws has been named ‘Linguistic Gaps’ by the research team. Fluent Bit is a graduated project of the Cloud Native Computing Foundation (CNCF) and is utilized by major cloud service providers, including Microsoft Azure, Google Cloud, and Amazon Web Services (AWS).
The most severe of the discovered vulnerabilities is tracked as CVE-2024-4323. This flaw is described as a memory corruption vulnerability within Fluent Bit’s built-in web server. The reported impacts of this vulnerability include denial-of-service (DoS), information disclosure, and the potential for remote code execution (RCE). The vulnerability is located in the monitoring API endpoints, which are used for querying and managing various internal aspects of the service.
Details of the Vulnerabilities
The core issue identified in CVE-2024-4323 relates to how the application’s API handles requests containing specially crafted inputs. The researchers found that sending specific data to the API endpoints could trigger a heap buffer overflow. This type of memory corruption was demonstrated to cause the service to crash, leading to a denial-of-service condition. Further analysis by Tenable indicated that this memory corruption could be leveraged for remote code execution. Other, less severe vulnerabilities were also discovered as part of the ‘Linguistic Gaps’ disclosure, involving additional DoS vectors and information disclosure.
Scope of Impact and Remediation
Fluent Bit’s widespread adoption places a vast number of systems at risk. Its function as a default logging and observability solution in major cloud environments means it is present in countless enterprise networks. The researchers at Tenable disclosed their findings to the CNCF on April 30, 2024. Following this responsible disclosure, a patch was developed to address the vulnerabilities. The maintainers of the Fluent Bit project released version 3.0.4 on May 15, 2024, which contains the necessary security fixes. All users of Fluent Bit are advised to update to the patched version to mitigate the risks associated with these vulnerabilities.
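To prioritise the update across a fleet, the following added example (not from Tenable or the Fluent Bit project) classifies a host from its version string and its classic-format configuration. It assumes the `fluent-bit --version` output format shown in the test data, the `[SERVICE]` keys `HTTP_Server` and `HTTP_Listen`, and the documented defaults of `Off` and `0.0.0.0`; the sample config and the function names are constructed for illustration.

```python
import re

FIXED = (3, 0, 4)  # release the article names as containing the fixes

# Constructed sample config (classic format), for illustration only.
SAMPLE_CONF = """\
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020
[INPUT]
    Name         cpu
"""

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Fluent Bit v3.0.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def service_settings(conf_text):
    """Return lower-cased key/value pairs from the [SERVICE] section."""
    settings, in_service = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_service = line.upper() == "[SERVICE]"
            continue
        parts = line.split(None, 1)
        if in_service and len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def assess(version_text, conf_text):
    """Classify a host by version and exposure of the monitoring API."""
    if parse_version(version_text) >= FIXED:
        return "patched"
    svc = service_settings(conf_text)
    # Assumed defaults: HTTP_Server Off, HTTP_Listen 0.0.0.0.
    if svc.get("http_server", "off").lower() not in ("on", "true", "yes"):
        return "update (monitoring API disabled)"
    listen = svc.get("http_listen", "0.0.0.0")
    if listen in ("127.0.0.1", "::1"):
        return "update (monitoring API on loopback only)"
    return "update urgently (monitoring API listening on " + listen + ")"
```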