Critical flaw found in Fluent Bit cloud services monitoring component
- by nlqip
Tenable reported the issue to the project’s maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21.
Fluent Bit’s developers urged technology providers to update “immediately to keep your systems stable and secure” in a statement on their website.
Vulnerabilities in cloud-based systems are normally patched promptly and without user intervention. CSOonline approached hyperscaler cloud providers for comment, with one responding that it had not been impacted by the issue and criticising Tenable’s research as somewhat sensationalised.
Other technology providers that make use of the log monitoring tool have the vulnerability in hand.
CrowdStrike, for example, said it had updated to the patched version of Fluent Bit within its environment, and there was no direct impact to customers running the patched version of Fluent Bit.
However, it warned, “Customers using the LogScale Kubernetes Logging package should redeploy and update to the patched version of Fluent Bit immediately. We further recommend that customers running their own instances of Fluent Bit verify their versions and apply the necessary updates to mitigate any potential risks.”
Source link
lol
Tenable reported the issue to the project’s maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21. Fluent Bit’s developers urged technology providers to update “immediately to keep your systems stable and secure” in a statement on their website. Vulnerabilities in cloud-based systems are…
Recent Posts
- Microsoft Partners Prepare For Automatic Switch To New Outlook
- Qualcomm: Return Rates For Snapdragon X PCs Are ‘Within Industry Norm’
- 8 Big Comments By Intel’s CEOs On Its AI, PC, Data Center And Foundry Efforts
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector | CISA