Critical flaw found in Fluent Bit cloud services monitoring component
- by nlqip
Tenable reported the issue to the project’s maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21.
Fluent Bit’s developers urged technology providers to update “immediately to keep your systems stable and secure” in a statement on their website.
Vulnerabilities in cloud-based systems are normally patched promptly and without user intervention. CSOonline approached hyperscaler cloud providers for comment, with one responding that it had not been impacted by the issue and criticising Tenable’s research as somewhat sensationalised.
Other technology providers that make use of the log monitoring tool have the vulnerability in hand.
CrowdStrike, for example, said it had updated to the patched version of Fluent Bit within its environment, and there was no direct impact to customers running the patched version of Fluent Bit.
However, it warned, “Customers using the LogScale Kubernetes Logging package should redeploy and update to the patched version of Fluent Bit immediately. We further recommend that customers running their own instances of Fluent Bit verify their versions and apply the necessary updates to mitigate any potential risks.”
Source link
lol
Tenable reported the issue to the project’s maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21. Fluent Bit’s developers urged technology providers to update “immediately to keep your systems stable and secure” in a statement on their website. Vulnerabilities in cloud-based systems are…
Recent Posts
- Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe
- North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
- FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
- ESET Research Podcast: HotPage
- A Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access