Tenable reported the issue to project maintainers on April 30, and they responded by creating a patched version of the technology, Fluent Bit 3.0.4, released on May 21.
Fluent Bit developers urged technology providers to update “promptly to keep your systems stable and secure” in a statement on their website.
Vulnerabilities in cloud-based systems are usually patched quickly and without user intervention. CSOonline approached the hyperscaler cloud providers for comment; one responded that it was not affected by the issue and criticized Tenable’s research as somewhat emotional.
Some technology providers that use the log monitoring tool have the vulnerability in hand.
CrowdStrike, for example, said it had upgraded to a patched version of Fluent Bit on its site and that there was no direct impact on customers using the patched version.
However, it warned, “Customers using the LogScale Kubernetes Logging package should re-install and update to the patched version of Fluent Bit immediately. We also recommend that customers running their own instances of Fluent Bit verify their versions and apply the necessary updates to mitigate any potential risks.”