Cloud Security, Application security

Major cloud platforms at risk of critical Fluent Bit vulnerability

AWS - Amazon Web Services

Microsoft Azure, Google Cloud Platform, Amazon Web Services, and other major cloud providers and technology firms could be compromised in attacks leveraging the critical memory corruption flaw within the widely used logging and metrics software Fluent Bit, according to BleepingComputer.

Such a vulnerability, tracked as CVE-2024-4323 and also known as Linguistic Lumberjack, could be leveraged by threat actors to facilitate remote code execution and denial-of-service attacks, as well as data exfiltration activities, a report from Tenable revealed.

"The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished," said researchers.

Microsoft, Google, and Amazon have already been informed regarding the issue, which is expected to be fixed with Fluent Bit 3.0.4 release. Meanwhile, organizations using the vulnerable logging utility in their infrastructure have been urged to restrict Fluent Bit monitoring API access or deactivate the vulnerable API endpoint.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.