Fluent Bit flaw discovered that impacts every major cloud provider

The Fluent Bit memory corruption vulnerability could allow threat actors to mount denial-of-service or remote code execution attacks.

By Greg Noone

A flaw has been discovered in Fluent Bit that potentially impacts users of all major cloud platforms. The vulnerability in the logging and metrics solution, discovered by cybersecurity researchers at Tenable, could allow hackers to mount remote code execution or denial-of-service (DoS) attacks. Fluent Bit is found in many Kubernetes distributions, including those offered by Microsoft Azure, Google Cloud and AWS. Tech Monitor has reached out to Fluent Bit for comment.

“If deployed in your own infrastructure and environments, it is recommended to upgrade to the latest version [of Fluent Bit] as soon as possible,” wrote Jimi Seebree, a senior staff research engineer at the cybersecurity firm. “If upgrading is not possible, it is recommended to review any applicable configurations in your environment that allow access to Fluent Bit’s monitoring API to ensure that only authorised users and services are able to query it. If unused, be sure to disable this endpoint.”

[Photo: a cloud facility. Caption: A flaw named CVE-2024-4323 has been discovered in Fluent Bit’s monitoring API for cloud services. (Photo by Shutterstock)]

Fluent Bit flaw can be exploited to retrieve adjacent memory

Fluent Bit is a logging utility used by cloud computing customers to monitor aspects of the service, including plugin metrics or service uptime, through a built-in monitoring API. Tenable researchers discovered a memory corruption flaw in this API, known officially as CVE-2024-4323, while investigating another security flaw in an unnamed cloud provider. “By passing non-string values, such as integers, in the ‘inputs’ array of a request,” wrote Seebree, the researchers discovered that “it is possible to cause a variety of memory corruption issues” and crash the service.

The team were also able to retrieve adjacent memory, he added. Though this usually reveals only previous metrics requests, said Seebree, “the researchers were able to occasionally retrieve partial secrets during their testing, indicating that this issue could potentially leak sensitive information.” Whether this succeeds would be contingent on several factors, including the host architecture and operating system, and on the patience of the threat actor, who would have to expend a significant amount of time to mount such an attack.
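The mitigation Seebree describes above (restrict who can reach the monitoring API, and disable it if unused) comes down to a few lines in the `[SERVICE]` section of a Fluent Bit configuration file. The following is an added illustration, not configuration from the article or from the Fluent Bit project: it shows an exposed setting beside the two hardened alternatives, using Fluent Bit’s classic-format keys `HTTP_Server`, `HTTP_Listen` and `HTTP_Port` (2020 is the documented default port; the rest of the values are constructed for the example).

```ini
# --- Exposed: the monitoring API answers on every interface of the host ---
# Any client that can reach port 2020 can query it, which is the exposure
# the Tenable advisory asks operators to review.
[SERVICE]
    Flush        1
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

# --- Hardened, option 1: the API is not needed, so switch it off entirely ---
# This is the "if unused, disable this endpoint" recommendation.
[SERVICE]
    Flush        1
    Log_Level    info
    HTTP_Server  Off

# --- Hardened, option 2: the API is needed (e.g. a local metrics scraper) ---
# Bind it to the loopback address so only processes on the same host can
# query it; remote access then has to go through whatever authenticated
# proxy or network policy the operator deliberately puts in front of it.
[SERVICE]
    Flush        1
    Log_Level    info
    HTTP_Server  On
    HTTP_Listen  127.0.0.1
    HTTP_Port    2020
```

Two caveats for anyone applying this. First, it only helps where you control the Fluent Bit configuration yourself; where the agent is shipped and managed by a cloud provider, as in the managed Kubernetes distributions the article mentions, the provider’s update is what closes the hole. Second, binding to loopback is a scoping control, not a patch: it narrows who can send the malformed request but does not remove the underlying bug, so upgrading remains the primary fix.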

Major cloud providers informed

According to Seebree, Tenable informed Fluent Bit about the flaw on 30 April and Amazon, Google and Microsoft on 15 May. At the time of writing, Fluent Bit has not made a statement about CVE-2024-4323 on its website.

“While these utilities are known to contain lots of juicy information for attackers, it’s important to realize that information leakage isn’t the only thing to be concerned with,” concluded Seebree. “It’s essential for organizations to update these utilities regularly, adopt adequate defense-in-depth measures, and utilize the principle of least privilege to ensure these tools cannot be misused by attackers.”
