Cybersecurity researchers at Tenable have disclosed four vulnerabilities in Fluent Bit, a widely deployed open-source logging and metrics agent. The most serious of them, a critical memory corruption flaw that Tenable dubbed Linguistic Lumberjack, can be escalated to remote code execution (RCE) and poses a substantial risk to cloud environments.
Fluent Bit is a popular Cloud Native Computing Foundation (CNCF) project and is used by major cloud providers, including Google Cloud, Microsoft Azure, and Amazon Web Services, often as the default log collector in managed Kubernetes offerings. That reach means the vulnerabilities affect a very large number of systems worldwide.
Vulnerability Details: CVE-2024-4323
The most severe vulnerability is CVE-2024-4323, which has been assigned a CVSS score of 9.8 (critical). It is a memory corruption bug in Fluent Bit's built-in HTTP server, the monitoring API that exposes metrics, health and trace endpoints (by default on port 2020 when the server is enabled). Malformed requests to the trace endpoint (`/api/v1/traces`) that pass non-string values in the `inputs` array are not type-checked before being parsed, which corrupts heap memory. Depending on what the attacker sends, the result is a crash (denial of service), a leak of adjacent memory contents (information disclosure), or, with more effort, remote code execution. Tenable's researchers also found three other issues in the same code that can cause denial of service or memory corruption.
Impact and Official Remediation
The vulnerabilities affect Fluent Bit versions 2.0.7 through 3.0.3. Given Fluent Bit's role as a default logging component on major cloud platforms, the public disclosure on May 20, 2024, prompted an immediate response: the maintainers released Fluent Bit 3.0.4, which addresses all of the reported flaws. Anyone running an affected version should upgrade to 3.0.4 or later. Where an upgrade cannot happen immediately, the exposure can be reduced by confirming whether the HTTP server is enabled at all (`HTTP_Server` in the `[SERVICE]` section is off by default) and, where it is needed for metrics or health checks, binding it to localhost or restricting network access to the monitoring port so that only trusted clients can reach it.
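As an added triage helper (this is example code written for this page, not Tenable's research tooling or anything from the Fluent Bit project), the script below checks two things a practitioner wants to know before deciding how urgent the upgrade is: whether a reported version string falls in the affected range 2.0.7 through 3.0.3, and whether the classic-format configuration turns on the built-in HTTP server and what it binds to. It assumes the classic `[SERVICE]` syntax and Fluent Bit's real keys `HTTP_Server`, `HTTP_Listen` and `HTTP_Port` with their documented defaults (Off, 0.0.0.0, 2020); the two sample configurations are constructed for the example.

```python
"""Triage helper for CVE-2024-4323 (Fluent Bit 2.0.7 through 3.0.3).

Example code added for this page; not Tenable's or the Fluent Bit
project's code. Assumes classic "[SERVICE]" config syntax and the
documented keys HTTP_Server / HTTP_Listen / HTTP_Port.
"""
import re

AFFECTED_MIN = (2, 0, 7)   # first affected release named in the advisory
FIXED_IN = (3, 0, 4)       # first release that carries the fix

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample configs (not from any real deployment).
EXPOSED_CONFIG = """\
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

[INPUT]
    Name  cpu
"""

HARDENED_CONFIG = """\
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  127.0.0.1
    HTTP_Port    2020
"""


def parse_version(text: str) -> tuple:
    """Pull an (x, y, z) tuple out of text such as 'Fluent Bit v3.0.3'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version: str) -> bool:
    """True when 2.0.7 <= version < 3.0.4, the range the advisory names."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def service_http_settings(config_text: str) -> dict:
    """Read the HTTP server settings from the [SERVICE] section.

    Keys are matched case-insensitively; anything not set falls back to
    Fluent Bit's documented defaults (server off, 0.0.0.0, port 2020).
    """
    settings = {"enabled": False, "listen": "0.0.0.0", "port": 2020}
    in_service = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_service = line.lower() == "[service]"
            continue
        if not in_service:
            continue
        parts = line.split(None, 1)  # "Key   Value", whitespace separated
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "http_server":
            settings["enabled"] = value.lower() in ("on", "true")
        elif key == "http_listen":
            settings["listen"] = value
        elif key == "http_port":
            settings["port"] = int(value)
    return settings


def triage(version: str, config_text: str) -> list:
    """Return a list of findings; an empty list means nothing to act on."""
    findings = []
    if is_affected(version):
        v = ".".join(str(n) for n in parse_version(version))
        findings.append(f"version {v} is in the affected range; upgrade to 3.0.4 or later")
    http = service_http_settings(config_text)
    if http["enabled"]:
        where = f"{http['listen']}:{http['port']}"
        if http["listen"] in ("0.0.0.0", "::"):
            findings.append(f"HTTP server listens on all interfaces ({where}); "
                            "bind to loopback or restrict access to the port")
        else:
            findings.append(f"HTTP server enabled on {where}; confirm only trusted clients reach it")
    return findings


if __name__ == "__main__":
    for finding in triage("Fluent Bit v3.0.3", EXPOSED_CONFIG):
        print("-", finding)
```

Feed `triage()` the output of `fluent-bit --version` and the agent's configuration file; two findings on an exposed 3.0.x deployment means both the upgrade and the network restriction are worth doing, while a version at or above 3.0.4 with the server bound to loopback yields only the informational note about the enabled endpoint.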
Source: https://www.infosecurity-magazine.com/news/flaws-expose-risks-fluent-bit/