Warning: A Critical Vulnerability Affects Fluent Bit
CVE-2024-4323 :CVSS 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
Risks
Fluent Bit, is a very popular logging and metrics solution for Windows, Linux, and MacOS X embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
Fluent Bit is affected by a memory corruption vulnerability that has a low attack complexity, does not require any privileges and has a HIGH impact on Confidentiality, Integrity and Availability.
Description
CVE-2024-4323: Memory Corruption
A memory corruption vulnerability is affecting Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server’s parsing mechanism of trace requests that are addressed to its monitoring API.
Fluent Bit’s monitoring API is intended to allow administrators or other users to query and monitor information internal to the service itself. /api/v1/traces
and /api/v1/trace
, which allow end-users to enable, disable, or retrieve information about configured traces, can be queried by any user with access to this API. By passing non-string values in the “inputs” array of requests, such as integer values, it is possible to cause a variety of memory corruption issues that could lead to denial of service conditions, information disclosure, or remote code execution.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.