Tenable reported the issue to the project’s maintainers on April 30, and they responded by creating a patched version of the technology, Fluent Bit 3.0.4, released May 21.
Fluent Bit’s developers urged technology providers to update “instantly to maintain your systems steady and safe” in a press release on their website.
Vulnerabilities in cloud-based systems are usually patched promptly and without user intervention. CSOonline approached hyperscaler cloud providers for comment, with one responding that it had not been impacted by the issue and criticising Tenable’s research as considerably sensationalised.
Other technology providers that use the log monitoring tool have the vulnerability in hand.
CrowdStrike, for example, said it had updated to the patched version of Fluent Bit within its environment, and there was no direct impact to customers running the patched version of Fluent Bit.
However, it warned, “Customers using the LogScale Kubernetes Logging package ought to redeploy and update to the patched version of Fluent Bit immediately. We further recommend that customers running their own instances of Fluent Bit verify their versions and apply the required updates to mitigate any potential dangers.”