Tenable reported the issue to the project's maintainers on April 30, and they responded by developing a patched version of the technology, Fluent Bit 3.0.4, released May 21.
Fluent Bit's developers urged technology suppliers to update “instantly to maintain your programs secure and safe” in an announcement on their website.
Vulnerabilities in cloud-based systems are usually patched promptly and without user intervention. CSOonline approached hyperscaler cloud providers for comment, with one responding that it had not been impacted by the issue and criticising Tenable's research as somewhat sensationalised.
Other technology suppliers that make use of the log monitoring tool have the vulnerability in hand.
CrowdStrike, for example, said it had updated to the patched version of Fluent Bit within its environment, and there was no direct impact to customers running the patched version of Fluent Bit.
However, it warned, “Customers using the LogScale Kubernetes Logging package should redeploy and update to the patched version of Fluent Bit immediately. We further recommend that customers running their own instances of Fluent Bit verify their versions and apply the necessary updates to mitigate any potential risks.”