From tenable.com
Key takeaways
- Fluent Bit is a logging utility heavily used by all major cloud providers.
- Tenable Research discovered a critical vulnerability dubbed Linguistic Lumberjack (CVE-2024-4323) within Fluent Bit’s built-in HTTP server that could potentially allow for denial of service, information disclosure, or remote code execution.
- The vulnerability was introduced in version 2.0.7 and affects all releases through 3.0.3. It is fixed in the main source branch, and the fix is expected to ship in release 3.0.4.
- The issue can be resolved by either of the following:
  - upgrading to the latest version of Fluent Bit, or
  - appropriately limiting access to the vulnerable endpoint.
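A small triage helper for the two takeaways above, added here as an example and not code from Tenable or the Fluent Bit project: it checks whether a reported version falls in the affected range (2.0.7 through 3.0.3) and whether a Fluent Bit config exposes the built-in HTTP server beyond loopback. It assumes the classic config format with `[SERVICE]` keys `http_server` and `http_listen` (defaulting to all interfaces), which the advisory summary does not state.

```python
# Added example, not Tenable's or Fluent Bit's own code. Assumptions not stated
# on the page: classic config format with [SERVICE] keys http_server and
# http_listen (default 0.0.0.0), and an affected range of 2.0.7 to 3.0.3 inclusive.
import re

AFFECTED_MIN, AFFECTED_MAX = (2, 0, 7), (3, 0, 3)   # per the advisory
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Fluent Bit v3.0.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected_version(text):
    """True if the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX

def service_settings(config_text):
    """Key/value pairs of the [SERVICE] section, keys lower-cased."""
    settings, in_service = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):                   # section header
            in_service = line.lower() == "[service]"
        elif in_service:
            key, *rest = line.split(None, 1)
            settings[key.lower()] = rest[0].strip() if rest else ""
    return settings

def http_server_exposure(config_text):
    """'off', 'loopback', or 'network-exposed' for the built-in HTTP server."""
    s = service_settings(config_text)
    if s.get("http_server", "off").lower() != "on":
        return "off"
    listen = s.get("http_listen", "0.0.0.0")       # assumed default: all interfaces
    return "loopback" if listen in LOOPBACK else "network-exposed"

# Constructed sample: monitoring API enabled on every interface (the weak setting).
SAMPLE_CONFIG = """[SERVICE]
    http_server  On
    http_listen  0.0.0.0
    http_port    2020
"""
```

Switching `http_listen` to `127.0.0.1` (or setting `http_server Off` where the monitoring API is not needed) is the corresponding hardened setting the checker reports as `loopback` or `off`.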