Tenable reported the issue to the project’s maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21.

Fluent Bit’s developers urged technology providers to update “immediately to keep your systems stable and secure” in a statement on their website.

Vulnerabilities in cloud-based systems are normally patched promptly and without user intervention. CSOonline approached hyperscaler cloud providers for comment, with one responding that it had not been impacted by the issue and criticising Tenable’s research as somewhat sensationalised.

Other technology providers that make use of the log monitoring tool have the vulnerability in hand.

CrowdStrike, for example, said it had updated to the patched version of Fluent Bit within its environment, and there was no direct impact to customers running the patched version of Fluent Bit.

However, it warned, “Customers using the LogScale Kubernetes Logging package should redeploy and update to the patched version of Fluent Bit immediately. We further recommend that customers running their own instances of Fluent Bit verify their versions and apply the necessary updates to mitigate any potential risks.”