Fluent Bit, a logging utility used by several major companies has been impacted by a severe vulnerability to its system.
Fluent Bit operates as an open-source data collector and processor that handles large swaths of data from a myriad of sources. The vulnerability, detailed by cybersecurity firm Tenable, leaves the logging utility exposed to denial-of-service (DoS) attacks, information disclosure, as well as remote code execution (RCE). Major companies that use Fluent Bit include Google, Microsoft, Cloud, AWS, as well as Cisco, Linkedin, and Adobe to name a few. According to Tenable researchers, the discovery of a critical memory corruption vulnerability was found in a built-in HTTP server. Additionally, a user or service that can gain access to the Fluent Bit monitoring API would be able to launch a DoS attack. Potential hackers could also possibly exploit the vulnerability for RCE, and even potentially access sensitive information. Tenable announced the discovery of the vulnerability in April and a patch has since been developed that is in the processing stages.
Read more:
