May 21, 2024 at 03:01AM
Cybersecurity researchers discovered a critical security flaw, CVE-2024-4323, in the popular logging and metrics utility Fluent Bit, impacting versions 2.0.7 through 3.0.3. The flaw allows for denial-of-service (DoS), information disclosure, or remote code execution by exploiting the API’s endpoints. Users are urged to update to version 3.0.4 to mitigate potential security threats.
Key takeaways from the meeting notes:
– A critical security flaw, CVE-2024-4323, codenamed Linguistic Lumberjack, has been discovered in Fluent Bit versions 2.0.7 through 3.0.3, with fixes available in version 3.0.4.
– The vulnerability involves memory corruption in Fluent Bit’s built-in HTTP server, allowing for DoS, information leakage, or remote code execution.
– The issue is related to sending maliciously crafted requests to the monitoring API through specific endpoints (/api/v1/traces and /api/v1/trace).
– The flaw exploits flawed validation of input names, assuming data types are strings, which can lead to memory corruption.
– Tenable was able to reliably exploit the issue to crash the service and cause a DoS condition. Remote code execution is also possible depending on environmental factors.
– Users are strongly advised to update to the latest version to mitigate potential security threats, as a proof-of-concept (PoC) exploit has been made available for the flaw.